Hands-on practice for the CCNP Troubleshooting exam with TCP/IP, LAN, and WAN trouble
tickets based on Cisco Internetwork Troubleshooting (CIT) topics.

With this book, you can:

• Set up and follow along with real-world lab scenarios aligned to each exam topic, with or
without the actual equipment

• Establish a baseline and document your physical and logical network

• Identify troubleshooting targets using ping, trace, show, clear, debug, and other
troubleshooting tools and utilities

• Diagnose and troubleshoot actual problems by following along with author-provided
Catalyst® OS and Cisco IOS® Software command input, output, and logging

• Use instructor-developed problem-isolation methods to resolve Trouble Tickets

• "Sniff" the wire to spot network issues

• Analyze local and remote access problems in Ethernet networks, including issues with
cabling, speed and duplex, utilization and collisions, bandwidth, CSMA/CD, one-way link,
auto negotiation, addressing, encapsulation, and more

• Apply a layered troubleshooting methodology to real-life routing and switching
environments

Designed for aspiring CCNP and CCIE® professionals, this indispensable lab guide builds on
Cisco® Internetwork Troubleshooting (CIT) topics that prepare you for the CCNP
Troubleshooting exam. Full of practical exercises that get you ready for challenges on the job,
CCNP Practical Studies: Troubleshooting gives you an edge over the competition through
real-world application of LAN and WAN topics.


CCNP Practical Studies: Troubleshooting provides you with practical information on all the
important concepts central to the troubleshooting portion of the CCNP certification, including
protocol characteristics and tools and supporting IP, IPX, Ethernet, switches, VLANs, and WANs.
Each chapter contains an overview of standards and protocols, troubleshooting tools, and basic 
methods and documentation techniques, as well as hands-on scenarios. Although having access 
to equipment is the ideal way to profit from this book, relevant information delivered through 
figures, configuration examples, and detailed text ensures everyone can benefit from the 
information presented. Protocol analyzer traces emphasize important concepts and trouble 
areas. Chapters end with real-world Trouble Tickets designed to give you additional practical 
experience. The final chapter, "Trouble Tickets: The Sum of All Fears," offers comprehensive 
troubleshooting scenarios in which you must identify, diagnose, and solve complex issues using 
the methods you have learned. 


Whether you are seeking practical knowledge to enhance your preparation for the CCNP 
Troubleshooting exam or you are a newly minted CCNP in need of hands-on experience to hone 
your on-the-job skills, CCNP Practical Studies: Troubleshooting has what you need to take your 
troubleshooting skills to the next level. 


This book is part of a recommended learning path from Cisco Systems® that includes
simulation and hands-on training from authorized Cisco Learning Partners and self-study
products from Cisco Press. To find out more about instructor-led training, e-learning, and
hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit
www.cisco.com/go/authorizedtraining.


Foreword


CCNP Practical Studies: Troubleshooting is designed to provide you with another vehicle to 
obtain hands-on experience, which is a critical component of any preparation program for the 
Cisco Certified Network Professional exams. The detailed lab scenarios contained in this book 
illustrate the application of key support and troubleshooting concepts covered on the CCNP 
Troubleshooting exam, helping you master the advanced practical skills you need to install, 
configure, and operate LAN, WAN, and dial access services for networks from 100 to more than 
500 nodes. With the introduction of performance-based testing elements to the CCNP exams, 
these hands-on skills are of critical importance to succeeding on the exam and in your daily job 
as a CCNP professional. This book was developed in cooperation with the Cisco Internet Learning 
Solutions Group. Cisco Press books are the only self-study books authorized by Cisco for CCNP 
exam preparation. 


Cisco and Cisco Press present this material in text-based format to provide another learning 
vehicle for our customers and the broader user community in general. Although a publication 
does not duplicate the instructor-led or e-learning environment, we acknowledge that not 
everyone responds in the same way to the same delivery mechanism. It is our intent that 
presenting this material via a Cisco Press publication will enhance the transfer of knowledge to a 
broad audience of networking professionals. 


Cisco Press will present lab manuals on existing and future exams through these Practical 
Studies titles to help achieve Cisco Internet Learning Solutions Group's principal objectives: to 
educate the Cisco community of networking professionals and to enable that community to build 
and maintain reliable, scalable networks. The Cisco Career Certifications and classes that 
support these certifications are directed at meeting these objectives through a disciplined 
approach to progressive learning. To succeed on the Cisco Career Certifications exams, as well 
as in your daily job as a Cisco-certified professional, we recommend a blended learning solution 
that combines instructor-led, e-learning, and self-study training with hands-on experience. Cisco 
Systems has created an authorized Cisco Learning Partner program to provide you with the most 
highly qualified instruction and invaluable hands-on experience in lab and simulation 
environments. To learn more about Cisco Learning Partner programs available in your area, 
please go to: www.cisco.com/go/training. 


The books that Cisco Press creates in partnership with Cisco Systems meet the same standards 
for content quality demanded of our courses and certifications. It is our intent that you will find 
this and subsequent Cisco Press certification and training publications of value as you build your 
networking knowledge base. 


Thomas M. Kelly 

Vice-President, Internet Learning Solutions Group 
Cisco Systems, Inc. 

March 2003 


Introduction 


CCNP Practical Studies: Troubleshooting is part of the Practical Studies series of Cisco Press 
books designed to prepare readers for the CCNP exams and real-world application of LAN and 
WAN technologies. Unfortunately, life is not just a checklist and neither is supporting networks. 
However, if you know how things are supposed to work, use a consistent troubleshooting method 
and layered approach, apply your skills through hands-on application, and have a positive 
attitude, you are most certainly on your way to shooting trouble before it shoots you. 


Troubleshooting skills are a must-have for every CCNA, CCNP, and CCIE today. There is an 
increasing demand for practical application of the knowledge learned in Cisco and other 
internetworking classes. People learn by doing. Practice makes perfect. Employers want people 
with degrees and certifications, but they really need people who can perform the job that their 
resume says they can. This book gives you a practical advantage over the competition through 
real-world application of internetworking topics. It is designed for CCNAs and CCNPs as well as 
the want-to-be seeking practical experience in the topics covered on the CCNP Troubleshooting 
exam. Because material in this book is very helpful for anyone in or pursuing a support career, 
even CCIEs and other support professionals may enjoy reviewing the book to sharpen their 
troubleshooting skills. The scope is limited to TCP/IP and routing and switching and to a lesser 
extent Novell IPX troubleshooting. 


Cisco Career Certifications 


Cisco CCNA, CCNP, and CCIE certifications coupled with field experience ensure high standards 
of technical expertise and can lead to outstanding opportunities. To learn more about the 
Associate, Professional, and Expert certification paths, go to 
www.cisco.com/en/US/learning/index.html. 


Beyond being an excellent troubleshooting training tool, this book helps prepare you for the 
Cisco Internetwork Troubleshooting (CIT) Troubleshooting exam, which is one of the exams 
required to achieve CCNP certification. Review the published support exam topics at 
www.cisco.com/en/US/learning/index.html (click Professional, then CCNP, and then 
Troubleshooting exam). 


To schedule an exam in the United States and Canada, visit Prometric online at 
www.prometric.com or VUE at www.vue.com. Alternatively, call 1-800-829-6387 (NETS) to 
register for an exam. 


Goals of This Book 


Cisco Systems, Cisco Press, and I strongly recommend that you supplement instructor-led
training with additional practical experience to prepare for Cisco certification exams and gain the 
knowledge necessary to work in the field. Cisco is starting to make sure of that by including 
simulations on their certification tests. 


This book assumes a CCNA level of knowledge. Many times when students get to the CCNP 
curriculum, however, they fail to understand the basics of TCP/IP networking and lack a 
methodology to troubleshoot basic issues. This will not be an issue for readers of this 
troubleshooting guide because supporting TCP/IP and Cisco internetworks are essential goals of 
this book. 


This book is a strong companion to the Cisco Internetwork Troubleshooting course as well as 
other Cisco Press and third-party materials, including the Cisco System website, www.cisco.com. 
It is an essential resource to prepare you for the real-world CCNP Troubleshooting certification. 
It helps you test yourself before your employers do. 


To meet these goals, this book helps you do the following: 


• Establish a baseline and document your physical and logical internetwork.

• Take step-by-step approaches to troubleshooting.

• Understand protocol characteristics and tools to help identify how technologies work so that
you know when they are broken.

• Experience coverage of IP over Ethernet and the WAN.

• Apply your troubleshooting skills firsthand through practical chapter scenarios, detailed
figures, and examples.

• Set up a test lab or at least walk through the solutions to solve real-world situations via
Trouble Tickets. People learn by doing. Hands-on labs assist you in quickly recognizing
common issues so that you avoid just applying the swap-till-you-drop approach to
troubleshooting.


In addition, this book provides supporting resources and files including troubleshooting 
checklists and charts, tools, Sniffer Pro protocol analyzer captures, downloadable configurations, 
review questions, and the appendix materials. 


How to Use This Book 


To get the maximum benefit from this book, when reading engage yourself in the chapter scenario: 
practical approaches to supporting the LAN and WAN. It is critical to learn to identify trouble spots 
layered approach—however, this cannot be accomplished via memorization techniques. This book : 
how to apply theoretical knowledge and skills to practical scenarios. Each chapter includes a scena 
the practical hands-on basis for a review of the applicable technology. Each chapter ends with real- 
Trouble Tickets designed to give you further practical experience. Having your own equipment or a 
equipment is the ideal way to profit from this book (see Appendix C), but if that is not possible, the 
information is delivered through figures, configuration examples, and text, so you can still follow a 
practical exercises. 


Troubleshooting commands such as cdp, ping, trace, set, show, clear, and debug are used exte 
printed examples in this book so that you can follow along with or without the appropriate equipm: 
from Sniffer Pro protocol analyzer traces and other tools emphasize important concepts and troubl: 
required. Each chapter suggests additional references such as utilities, labs, websites, and supplen 
reading as it relates. Refer to Appendix C if you need to get started right away on acquiring the eq 
your lab. 


I sincerely wish you the best with applying this book to your specific requirements. I recommend tt
the first couple of chapters to review the topics you think you already know. Use Chapter 10 as bot 
and a post-test for the book. It includes a comprehensive set of self-guided Trouble Tickets that en 
assess your support skills before and after reading the book. If you want, turn to it now to get fam 
what to expect throughout the book. Then you can return to the beginning of the book and spend é 
little time needed on the topics included. 


My experiences and studies have given me the challenges and opportunities needed to live and wo 
technologically advancing society. Providing technical expertise, leadership, and support to my em 
coworkers, family, and friends gives me the challenge, encouragement, and enthusiasm required t 
today's technology for tomorrow's competitive advantage. Please help me continue that by sendinc 


feedback to donna@shoretraining.com. 


Supporting Files 


You can find files and links to utilities that support this book on the Cisco Press website at 
www.ciscopress.com/1587200570. Even if you do not have a lab, you can take advantage of the st 
configuration files including the logs to understand device input and output. The files are listed thre 
chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs listed in Tabl: 


Table 1-1. Useful Programs for Reading and Using This Book's Supportin 
www.ciscopress.com/1587200570.


Software                         Website                                                            Evaluation copy available?

Protocol Analyzers
Network Associates Sniffer Pro   www.sniffer.com                                                    No
Ethereal                         www.ethereal.com                                                   Free
WildPackets EtherPeek            www.wildpackets.com                                                Yes

Terminal Emulation Programs
SecureCRT                        www.vandyke.com                                                    Yes
Hyperterminal                    www.hilgraeve.com                                                  Comes with Windows operating systems.
PuTTY                            www.chiark.greenend.org.uk/~sgtatham/putty/download.html           Free

FTP/TFTP/Syslog Programs
PumpKin TFTP                     www.klever.net/kin                                                 Yes
3CDaemon                         support.3com.com/infodeli/swlib/utilities_for_windows_32_bit.htm   Free
Cisco TFTP server                www.cisco.com/pcgi-bin/tablebuild.pl/tftp                          Free


Command Syntax Conventions 


Command syntax in this book conforms to the following conventions: 


• Commands, keywords, and actual values for arguments are bold.

• Arguments (which need to be supplied with an actual value) are italic.

• Optional keywords and arguments are in brackets [].

• A choice of mandatory keywords and arguments is in braces {}.


Note that these conventions are for syntax only. 


Icons Used in This Book 


Throughout this book, you will see the following icons used for networking devices: 


[Figure: networking device icons. Legible labels: Router, Bridge, Hub, DSU/CSU, Catalyst Switch, Multilayer Switch, Communication Server.]


The following icons are used for peripherals and other devices:


[Figure: peripheral and device icons. Legible labels: PC with Software, Sun Workstation, Macintosh, Terminal, File Server, Web Server, Cisco Works Workstation, Modem, Cluster Controller.]


The following icons are used for networks and network connections:


[Figure: network and connection icons. Legible labels: Line: Ethernet, Token Ring, FDDI, Line: Serial, Line: Switched Serial, Network Cloud.]


Password Recovery Guidelines


2000, 2500, 3000, 4000, 7000

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control.

2. Power cycle and press Break key* within first 60 seconds.

3. Observe and record config-register. Normally 0x2102.
   >o

4. Change config-register to ignore startup-config (NVRAM).
   >o/r 0x2142
   Then initialize with >i

5. Press Ctrl+C to break out of setup mode.

6. From enable mode, type copy start run but do not exit. (Old command is config mem.)

7. Restore the config-register and bring up all interfaces.
   r1(config)#config-reg 0x2102
   r1(config)#int s0
   r1(config-if)#no shut

8. Record or change the passwords.
   r1#sh run (or sh config)
   r1#config t
   r1(config)#enable pass donna
   r1(config)#enable secret harrington
   r1(config)#line vty 0 4
   r1(config-line)#pass donna
   r1(config-line)#end

9. Save the configuration and reload.
   r1#copy run start (or wr mem)
   r1#reload
   r1#sh version


1600, 1700, 2600, 3600, 4500, 4700, 5500, 6000, 7500

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control.

2. Power cycle and press Break key* within first 60 seconds.

3. Observe and record config-register. Normally 0x2102.
   rommon1>confreg

4. Change config register to ignore startup-config (NVRAM).
   >confreg 0x2142
   >reset

5. Follow Steps 5-9 for the 2000, 2500, 3000, 4000, and 7000 above.


CatOS 2900, 5000, 6000 Switches

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control.

2. Power cycle. Within first 30 seconds press Enter for user password, get into enable mode,
   and also press Enter for enable password.

3. Change the passwords as usual using set pass and set enablepass.

4. Since these devices write their config automatically you should only need to test your
   passwords.


2900XL, 3500XL, 2950, 3550 Switches

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control
   (If you had previously enabled boot-enable break, the device would respond like a router
   and you could follow the procedures from there.)

2. Unplug the power cable from back of switch. Reconnect while you hold the front panel mode
   button. Release the mode button a couple seconds after the first port on the switch is no
   longer illuminated. You should see a message about the system being interrupted prior to
   the Flash memory file system initializing.

3. Type flash_init and then type load_helper. You can list the files in flash with dir flash:,
   and the default configuration is config.text.

4. Type more flash:config.text to view the passwords. If not encrypted, you are done. If
   encrypted, go to Step 5.

5. Rename the configuration file as follows:
   rename flash:config.text flash:config.old

6. Boot the system with the boot command. Answer n for no to start setup. Go to enable mode by
   typing enable, but do not exit.

7. Rename the configuration file to its original name as follows:
   rename flash:config.old flash:config.text

8. Copy the configuration file to memory with the config mem or
   copy flash:config.text system:running-config command. Accept config.text as the source and
   running-config as the destination filenames.

9. Change the passwords.
   enable password donna
   enable secret harrington

10. Save your configurations.
    copy run start (or wr mem)
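
Step 7 of the router procedure restores 0x2102, and step 9 ends with sh version to confirm it. The check below is an added example, not part of the book: it reads the "Configuration register is ..." line from show version output and reports devices that are still ignoring startup-config or will do so at the next reload. The sample outputs, hostnames, and status labels are constructed for illustration.

```python
import re

# Configuration register bits that matter for the recovery procedure.
IGNORE_NVRAM = 0x0040  # bit 6: skip startup-config at boot (set in 0x2142)
BOOT_FIELD = 0x000F    # bits 0-3: 0 = stop in ROM monitor, 2-F = normal boot

# "show version" prints the active value and, after config-register has been
# changed but before a reload, the value that will apply at the next boot.
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def parse_register(show_version_text):
    """Return (current, pending); pending is None when no change is staged."""
    match = REG_LINE.search(show_version_text)
    if match is None:
        return None, None
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None
    return current, pending


def classify(show_version_text):
    """Map one device's show version output to a status label (labels are ours)."""
    current, pending = parse_register(show_version_text)
    if current is None:
        return "NO_REGISTER_LINE"
    next_boot = current if pending is None else pending
    if next_boot & IGNORE_NVRAM:
        # The next boot skips startup-config: no passwords, ACLs or addressing.
        if current & IGNORE_NVRAM:
            return "IGNORING_CONFIG"
        return "IGNORE_STAGED"
    if current & IGNORE_NVRAM:
        # config-reg 0x2102 was entered (step 7) but the reload has not happened.
        return "RESTORE_PENDING"
    if (next_boot & BOOT_FIELD) == 0:
        return "BOOTS_TO_ROMMON"
    return "OK"


def audit(outputs):
    """Return {hostname: status} for every device whose status is not OK."""
    findings = {}
    for host, text in sorted(outputs.items()):
        status = classify(text)
        if status != "OK":
            findings[host] = status
    return findings


# Constructed show version excerpts (hostnames and uptimes are made up).
SAMPLES = {
    "r1": "r1 uptime is 3 weeks, 2 days\nConfiguration register is 0x2102\n",
    "r2": "r2 uptime is 12 minutes\nConfiguration register is 0x2142\n",
    "r3": "r3 uptime is 20 minutes\n"
          "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
    "r4": "r4 uptime is 5 weeks, 1 day\n"
          "Configuration register is 0x2102 (will be 0x2142 at next reload)\n",
    "r5": "r5 uptime is 1 day\nConfiguration register is 0x2100\n",
    "r6": "r6 uptime is 4 hours\n",  # truncated capture, no register line
}

if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```

IGNORE_STAGED is the case worth alerting on outside a maintenance window: the register was changed to 0x2142 on a running device and the effect is deferred until the next reload.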


Comparing Models 


[Figure: the DoD, ISO, and IEEE models side by side, with the mnemonics "Never Ignore Teacher's Advice" and "Please Do Not Threaten Support People Again" and a note on dividing Network Interface into Physical and Data Link.]


Cisco Configuration Register 

Part I: Protocol Characteristics and Tools


Chapter 1 Shooting Trouble 
Chapter 2 What's in Your Tool Bag? 


Chapter 1. Shooting Trouble 


This chapter serves as the basis for the troubleshooting exercises throughout this book. In 
addition to a solid understanding of specific technologies, effective troubleshooting requires that 
you follow consistent procedures that are based on industry standards and reliable methods. The 
Open System Interconnection (OSI) model and the TCP/IP suite can help you methodically divide 
and conquer a problem or learn a new internetworking topic (by taking a layer-by-layer 
approach, for instance). This chapter presents an introduction to troubleshooting; a review of 
standards, protocols, and industry models; and practical troubleshooting, including baselining 
and documentation techniques. These standards, models, and techniques are covered in this 
chapter so that you can refer to them as you work through the specific troubleshooting tasks in 
this book. This chapter includes a Trouble Ticket designed to give you practical experience in 
solving real-world issues using Cisco's troubleshooting approach. 


This chapter covers the following topics: 


• Do You Shoot Trouble or Does Trouble Shoot You?
• Standards and Protocols
• Models and Methods
• Practical Troubleshooting


Do You Shoot Trouble or Does Trouble Shoot You? 


Troubleshooting is all about reducing guesswork and eliminating the obvious. Following a 
systematic method is essential during the troubleshooting process. Methodical problem solving is 
the core of the CIT course, the CCNP Troubleshooting test, and this book, regardless of technical 
intricacies. Many times, whether or not you use a systematic method determines if you shoot 
trouble or if trouble shoots you. 


Shooting trouble is often about questions. Do you ask the equipment or the user? Who is waiting 
for the results? What has happened? When did it occur? Why? Where did it happen? Are you 
using 10/100-Mbps Ethernet to the desktop; 155-Mbps ATM; or carrier services such as cable 
modems, digital subscriber line (DSL), wireless, ISDN, Frame Relay, Switched Multimegabit Data 
Service (SMDS), ATM, or long-haul Ethernet? The protocols, technologies, media, and topologies 
entail lots of complexity and the only thing constant is change. So where do you begin? 


NOTE 


Appendix A material from the Cisco instructor-led Cisco Internetwork Troubleshooting 
(CIT) course for the CCNP Support exam is covered throughout this chapter and in 
more detail in the relevant chapters of this book. Consider this chapter fertile with test 
material; even more importantly, it makes an excellent practical review. 


The first topic is standards and protocols. Think back for a moment to the last time you chatted 
with a friend. Certainly you and your friend had something to share, regardless of the method 
used to communicate. If you made a phone call, you were listening to each other talk. If you 
sent an e-mail or used a chat client, you were sending data back and forth. Whether it was your 
home phone, wireless phone, or PC, communications media was in place nonetheless. I assume
that you waited for the friend to say hello first and that you took turns talking. You spoke the 
same language or understood multiple languages. Hopefully, you were polite enough to not talk 
while the other person was talking. You may have had to troubleshoot some issues while talking 
with the friend. Perhaps a lightning storm hit your phone line or you dialed the wrong number. 
Maybe you didn't pay your phone bill and the service was turned off. The friend may not have 
answered or the phone may have been busy. Maybe your friend had caller ID and picked up 
right away because it was you. Regardless of your exact scenario, throughout the contact you 
had to decide your next step. 


NOTE 


Continue to think about your communications with your friend as you read through this 
chapter. You may begin to see how a different perspective or an analogy can help you 
to simplify complex topics. Throughout this book, I include occasional analogies I have
found to be very helpful to my students learning in the classroom. 


Standards and Protocols 


Communication rules are referred to as standards and protocols. Playing with the right rules to 
the game normally means you are more apt to communicate well in the networking game. 
Standards are rules, conditions, and requirements that can be de jure, de facto, proprietary, or 
open. De jure standards are official; by legislation they are endorsed by a standards body, such
as those listed in Table 1-1. 


Table 1-1. Standards Bodies 


Standards Body                                   Acronym               Examples

American National Standards Institute            ANSI                  C, Cobol, Fortran, X3T9.5
  www.ansi.org

International Telecommunication Union            ITU                   V.22, V.32, V.34, V.42
  www.itu.int

Institute of Electrical and Electronic           IEEE                  802.2 LLC[*], 802.3 Ethernet,
Engineers                                                              802.5 Token Ring
  standards.ieee.org
  www.ieee.org

International Organization for                   ISO (not an           OSI, IS-IS
Standardization                                  acronym)
  www.iso.org

Electronic Industries                            EIA/TIA               EIA/TIA 568 Commercial Building
Alliance/Telecommunications Industry                                   Telecommunications Wiring
Association                                                            Standard, RS-232, EIA/TIA 232
  www.eia.org
  www.tiaonline.org

Internet Engineering Task Force                  IETF                  RFCs
  www.ietf.org

Internet Assigned Numbers Authority              IANA                  Port and protocol numbers
  www.iana.org


[*] LLC = Logical Link Control


TCP/IP and OSI are examples of nonproprietary open standards that are widely used today. 
Standards are wonderful things; that's why we have so many. Webopedia 
(www.webopedia.com) defines standard as a definition or format that has been approved by a 
recognized standards organization or is accepted as a de facto standard by the industry. 
Standards exist for programming languages, operating systems, data formats, communications 
protocols, and electrical interfaces. 


As an example of an evolution of technology through standards, consider the creation of the 
Internet. According to "20 Questions: How the Net Works," by Scot Finnie at 
www.scotfinnie.com/20 quests/hownet.htm#Q1, no one person or group can claim this fame; 
however, in 1962 a series of memos discussed the "Galactic Network Concept" from MIT's J.C.R. 
Licklider. Licklider later became the head of the Department of Defense (DoD) Advanced 
Research Projects Agency (ARPA). TCP/IP research began in 1961, and in 1967 ARPA's Lawrence 
Roberts published his plan for the worldwide network. Tests were conducted for several years, 
and e-mail and the Internet made their first public appearances in 1972. TCP/IP protocols and 
services made their way into the network in the 1970s. The World Wide Web (WWW) was born 
in the late 1980s. The National Science Foundation (NSF) took over the management of 
ARPANET in 1990. In the mid-1990s, NSFnet was turned over to a consortium of public providers 
we know today as Internet service providers (ISPs). Many standards bodies are responsible for 
the Internet's existence and maintenance, including the following: 


• Internet Society (ISOC), which includes the Internet Architecture Board (IAB) for broad
direction and overall architecture and the Internet Engineering Steering Group (IESG).

• Internet Assigned Numbers Authority (IANA) and Internet Network Information Center
(InterNIC) for IP addresses, domain names, and other numbers.

• World Wide Web Consortium (W3C) for HTML and web standards.

• Internet Engineering Task Force (IETF) for RFCs and smooth operations.

• Internet Research Task Force (IRTF) for ongoing research.


TCP/IP open standards (nonproprietary) are based on Request For Comments (RFCs), whereas
proprietary standards are vendor-specific. Refer to www.rfc-editor.org to read RFCs and for
more detail on the RFC process, including a tribute to Jon Postel who was the RFC Editor. Figure
1-1 shows the RFC Editor. Also refer to www.ietf.org/rfc/rfc2026.txt for particulars.


Figure 1-1. RFC Editor


Anyone can propose a new standard, which then goes through various levels toward maturity.
All RFCs start out as drafts, but not all drafts mature to RFCs. When published, RFCs do not 
change. Updates get a new RFC number. You can review private addressing in RFC 1918, for 
example, which obsoletes the original RFC 1597. 


De facto standards include examples such as the Hayes command set for controlling modems, 
the Kermit and Xmodem communications protocols, and the printer control language (PCL) and 
postscript for laser printers. Although numerous de facto standards may have started as 
proprietary implementations, by the time they are regarded as de facto standards there are 
many different vendor implementations. One example of this is quite relevant to Chapter 7, 
"Shooting Trouble with VLANs on Routers and Switches"; the example is the two different ways 
that Ethernet trunking can occur: 


• InterSwitch Link (ISL), which is the Cisco proprietary method
• 802.1Q, which is the IEEE standard


Standards are important. They enable different people (and different vendors) to approach a
task in a similar way to achieve a similar solution that works. Standards can be categorized by 
how they are recognized: proprietary or open. Proprietary beginnings tend to produce de facto 
standards (Hayes, Kermit, and PCL). Open beginnings tend to produce de jure standards (TCP/IP 
and RFCs). If it is truly a proprietary solution and other vendors cannot use it, it probably is not 
a standard. A standard really refers to a solution available to multiple vendors. 


Now that I have defined standards and the standards process, what about the need for
protocols? Communications protocols are rules governing the transmitting (Tx) and receiving
(Rx) of data so that different end systems or applications can communicate with one another. A
protocol is an agreed-upon format for transmitting data between two devices. The protocol
determines how the sending and receiving devices communicate, such as the indicator for
sending and receiving a message. The protocol also defines the type of error-checking and
data-compression methods if any are used.


Examples of protocol suites include TCP/IP, OSI, IEEE, AppleTalk, DECnet, Novell Internetwork
Packet Exchange (IPX), and IBM Systems Network Architecture (SNA). A protocol suite or stack
is like many subcontractors building a house. Brick layers take care of the foundation, the
electricians put in the wires, the plumbers install the pipes, the framers frame it up, roofers
carry out their part, and finally the homeowners do their own finishing touches. In networking,
different protocols operate at each layer to carry out fundamental functions such as
encapsulation, segmentation and re-assembly, connection control (connection-oriented or
connectionless), flow control, error control, multiplexing, and delivery.


These protocols use rules to dictate how communication is established. Unless everyone plays by 
the same rules, communication is not possible. As a fun demonstration of the importance of 
standards and protocols, I gave several groups of technology students a card game to play. The
rules were on a piece of paper given to each group. Unbeknownst to them, each group was given
a slightly different set of rules. (One sheet said ace is high, another said the joker is a wildcard,
and yet another said joker loses.) Each group was instructed to play by the rules and not to talk.
When they were comfortable in their own little groups of four or five, I moved one person from
each team to another group. It was chaos, to say the least, as they tried to play the game with 
different understandings of the rules. They finally figured it out and agreed that a standard set of 
rules (protocol) is definitely beneficial. 


NOTE 


Understanding standards and protocols and their layered approach will assist you in 
applying internetworking skills and shooting trouble in a practical environment. In 
addition, with such understanding you will be on your way to passing many 
certification tests. 


Models and Methods 


Models are guidelines for communications and methods for troubleshooting. This section covers the 
model, the DoD's TCP/IP suite, and Cisco's seven-step approach to troubleshooting. 


The OSI Model 


You have probably dealt with the OSI model more times than you care to remember. Hopefully, ho 
review will make the OSI model meaningful to you. Use it to troubleshoot the practical lab scenaric 
as well as to understand and review internetworking topics. 


ISO began work on the OSI model in the late 1970s and published the OSI reference model in 198:
interoperability among vendors. It is one of the best troubleshooting models around, and every cer
vendor will test to make sure you are an expert in this area. Be aware, however, that every vendor
approach to OSI. (I write from experience here; I have been heavily involved in not only Cisco, bul
Microsoft, Novell, and CompTIA (A+/Network+) certification course delivery over the years.) 


Although the focus here is on understanding the OSI model and using it to troubleshoot, the OSI rr 
other benefits as well (such as interoperability and standardization, and it enables you to subdivide 
tasks without having to alter other layers). For example, network interface card (NIC) vendors real 
to be concerned with what upper-layer applications and protocols run over the hardware. However 
must be concerned with LAN technologies such as Ethernet, Token Ring, and what physical specific 
and connectors) to follow. 


Please Do Not Threaten Support People Again 


I love mnemonics. They may seem simple, but they can be surprisingly effective in helping commit
memory. In this case, Please Do Not Threaten Support People Again is a tool to help you remember tt
layers of the OSI model, as displayed in Table 1-2. Note the layers and protocol data units (PDUs) 
Although often referred to as just plain old packets, PDUs actually came from the ISO. 


Table 1-2. OSI Layers and PDUs 


OSI Layer Number   OSI Layer Name   PDU
7                  Application      Messages (data, voice, video)
6                  Presentation     Messages (data, voice, video)
5                  Session          Messages (data, voice, video)
4                  Transport        Segments (TCP[*])/datagrams (UDP[*])
3                  Network          Packets/datagrams
2                  Data Link        Frames
1                  Physical         Bits

[*] TCP = Transport Control Protocol

[*] UDP = User Datagram Protocol


Take each layer and examine the services provided to or from the next layer. It is helpful to draw < 
end systems communicating to understand the layers. (See Figure 1-2.) Often you miss a lot of im 
to-host activity if you look only at the source or the destination host of one protocol stack. Figure 1 
GroupWise hosta, which sends e-mail to Exchange hostb. The general layered approach is presente 
the application details. 


Figure 1-2. End-System Data Flow

[Figure labels: GroupWise hosta, Exchange hostb]


Notice how the source GroupWise hosta encapsulates the message as it works its way from Layer 7 
across the wire. Assuming that the destination Exchange hostb is on another network, lots of encar 
encapsulation occurs between Layers 1 through 3 until the packet gets to the destination host (rou 
operations). The destination host pulls the frames off the wire and processes (de-encapsulates) the 
stack from Layer 1 to Layer 7 so that the e-mail application can read the e-mail. The processing in 
necessary re-ordering and re-assembly of packets that result from packet routing and fragmentati« 


Understanding a layered approach and packet flows is critical to being a good troubleshooter. That 
put all that theory stuff in their courses. If you don't know how things work correctly, how in the w 
know what is wrong? End system-to-end system Exchange and GroupWise messaging is the main 
share with students in many of my classes. Take a look again at Figure 1-2 and then at Figure 1-3 
encapsulation) to review the packet flow and layer operations. For more detail, refer to materials o 
CCNP from Cisco Press and other publishers. I particularly like Jeff Doyle's Routing TCP/IP, Volume
think they belong on everyone's shelf. 


Figure 1-3. Encapsulation

Encapsulation (framing) is like wrapping presents for someone else so that he or she can tear the v
paper off. Another analogy many people use when referring to encapsulation is that it is like writin:
stuffing the letter in an IP envelope to be delivered to a destination. Think of encapsulation as plac
your mailbox and putting the flag up to let the postal worker know to pick up and deliver the letter
will help you analyze the fields of the IP header in Chapter 3, "Shooting Trouble with IP." Each hop
device) along the way strips off the packaging (Layer 2 framing/encapsulation) and repackages (Le
framing/encapsulation) for the next hop closer to the destination (Layer 3). Figure 1-3 illustrates tl
encapsulation/de-encapsulation process for Ethernet, including the destination address (DA), sour
(SA), type or length field (T/L), and the frame check sequence (FCS), all of which are examined in 
Chapter 5, "Shooting Trouble with Ethernet." 


Each layer adds a header, which is nothing more than a set of instructions for its peer layer. With 1
example, the upper-layer messages (data, voice, or video packets) get encapsulated (stuffed) insic 
segment or UDP datagram at the Transport Layer for delivery. The Transport Layer segment (conn: 
oriented) or datagram (connectionless) gets encapsulated (stuffed) inside of the Network Layer IP 
datagram (connectionless). The number of segments sent before acknowledgement is required ma’ 
(windowing). The IP packet gets encapsulated (stuffed) inside of the Data Link Layer frame. In Eth 
instance, the preamble (PRE) starts the frame and the trailer (cyclic redundancy check [CRC] or FC 
frame. If necessary, an Address Resolution Protocol (ARP) packet is broadcast (local broadcast) to 
destination IP address (Layer 3) to its equivalent Media Access Control (MAC) address (Layer 2). If 
destination host is on the same subnet, the MAC is the destination host's address. If the destinatior 
different subnet, the resulting resolution is generally the default gateway (local router interface) M. 
ARP is not necessary across a serial point-to-point link because it is not a broadcast segment like E
IP packet destination IP address doesn't change during normal destination-based routing; however 
MAC addresses change each hop along the way. 


NOTE 


The preceding paragraph discusses IP, but this layered approach certainly applies to various ¢ 
stacks (such as Novell IPX, IBM SNA, AppleTalk, and so on). 


Networking is limited by the standards that prevail. Even though 10-MB, 100-MB, and Gigabit Ethe 
are available today, for example, the frame size is still limited to 1500 bytes. What if everything dc 
the frame? Think of it like sending a box of Christmas gifts rather than just a Christmas card. You ¢ 
bigger box to put all the presents in or send lots of smaller ones. Just like the Christmas box, if eve 
doesn't fit in the frame, IP fragments the data into smaller packets (chunks) each hop along the we 
the frame type or the maximum transmission unit (MTU) set on the interface. The initial packet ID 
be randomly generated, but the subsequent packet IDs are sequential in nature for re-ordering anc 
purposes. Some Layer 3 protocols, such as IPX, don't fragment the data at all. The Physical Layer
(0s and 1s) to traverse the wire. A lot of activity occurs among the lower layers until the packets re
destination host. 


De-encapsulation is like opening envelopes or presents. Each layer reads and carries out the instru 
peer layer, discards the header (instructions), and sends the packets up the stack for further proce 
layer receives services from the layer below and provides services to the layer above it. 


The following sections cover the OSI model layer by layer. It is assumed that you are somewhat fa 
layers and abbreviations and acronyms discussed with regards to each layer. If not, you can find 1 
information at websites such as www.acronymfinder.com, www.shoretraining.com, www.learntcpip. 
www.computerlanguage.com, www.whatis.com, www.amazon.com, www.certificationzone.com, and 
www.cisco.com.


NOTE 


Remember that protocols and applications are written to perform functions, and the focus her 
the OSI model as a model to understand and troubleshoot them. If you really want to know th 
technical details (from an engineering standpoint), you should read the ISO documents.


Layer 7: The Application Layer 


Layer 7, the Application Layer, is all about servers providing services and users requesting to uset 
Servers provide shared services, such as file, print, message, database, network management, con 
and application services. Clients request the same services. This reminds me of going out to eat. TI 
hostess seats you with the menus, and a server comes to the table to take your order (providing y«
services). You, as a customer (client), order your food (request services) and indulge as usual.


Application Layer examples include the user interface, X.400 Mail services, X.500 Directory service: 
Transport Protocol (SMTP), Internet Message Access Protocol (IMAP), Post Office Protocol (POP), Si 
Management Protocol (SNMP), FTP, TFTP, HTTP, telnet, Domain Name System (DNS), Bootstrap
Protocol/Dynamic Host Configuration Protocol (BOOTP/DHCP*), Network File System (NFS), gatew
Gateway Protocol (BGP*), Routing Information Protocol (RIP*), and so on. Routing protocols are g 
thought of at the Network Layer (Layer 3). Because BGP operates over TCP port number 179 and F 
over UDP port 520, however, many people choose to list them here. DHCP operates over UDP port: 


NOTE 


Many different opinions exist as to how to best classify routing protocols. It is important to ker
mind that many management and control type protocols obviously support Layer 3 functions r
than transfer data. Examples include such services as DHCP, BGP, and RIP, which I have marl
an asterisk (*) in the preceding paragraph. It is impossible to make everything fit nicely into t


Layer 6: The Presentation Layer 


Layer 6, the Presentation Layer, is the translator. Presentation is everything. How about that big hi 
cheesecake for dessert with strawberry glaze on the plate? The waiter wrote down your order, but c
serving the dessert interpret it?


Think of translation from one application to another application (translation of, for example, such t 
character codes and syntax, encryption, and compression). In the Cisco environment, compression 
thought to relate to Layer 2; I will cover that detail in the WAN chapters (Chapter 8, "Shooting Tro
Frame Relay," and Chapter 9, "Shooting Trouble with HDLC, PPP, ISDN BRI, and Dial Backup"). Pre 
Layer examples include ASCII, Extended Binary Coded Decimal Interchange Code (EBCDIC), Tagge 
Format (TIFF), Joint Photographic Experts Group (JPEG), Musical Instrument Digital Interface (MIC
Audio Layer III (MP3), Moving Picture Experts Group (MPEG), Rivest Shamir Adleman (RSA), Data 
Standard (DES), Secure Sockets Layer (SSL), and Transport Layer Security (TLS). 


Layer 5: The Session Layer 


Layer 5, the Session Layer, is the operator or dialog layer. It establishes, maintains, and tears dow 
communication sessions within the operating system using protocols such as remote-procedure cal 
Lightweight Directory Access Protocol (LDAP), Network Basic Input/Output System (NetBIOS), sock 
Message Block (SMB), or Network Control Program (NCP). Communications examples include the f 


• Simplex (one way, like a television or radio broadcast)
• Half-duplex (one way at a time, like my Nextel walkie-talkie phone)
• Full-duplex (simultaneous, like telephones and networks)


NOTE 


The upper three layers of the OSI model are referred to as the Application Layer in the TCP/IP 
protocols. From a troubleshooting standpoint, these layers typically relate to software problen 
systems and name resolution issues. 


Layer 4: The Transport Layer 


Layer 4, the Transport Layer, is all about host-to-host delivery. This layer hides lower-layer proble 
layers in that it provides error detection and correction on the receiving end (host). In addition, it < 
re-assembles data for upper-layer applications based on various TCP and UDP port numbers. Appli 
multiplexing is common (just like when you press Alt+Tab to cycle through your open programs in 
example, you may be running a web browser (HTTP port 80), telnetted into a router (TCP port 23), 
configurations to a TFTP server (UDP port 69) or FTP server (TCP ports 20 and 21) all at the same’


Normally, systems run out of resources before they run out of ports (pointers to applications). 


TCP and UDP are the most common examples at Layer 4 for TCP/IP; the equivalent IPX/Sequencec
Exchange (SPX) transport is SPX. TCP is connection-oriented, which means the host must establish
connection, such as a 3-way handshake, before communications can occur. Flow control occurs thr 
windowing, and TCP is reliable in that it uses acknowledgements (acks) and negative acknowledge 
UDP is connectionless, which means it does not require an established connection before communic 
occur. It is unreliable at the Transport Layer, which means that the reliability is left up to the Appli 
TCP is like the certified mail protocol; whereas, UDP is like the regular mail protocol. 


Routing protocols are generally thought of as relating to the Network Layer (Layer 3). Because Int 
Routing Protocol (IGRP, protocol number 9), Enhanced IGRP (EIGRP, protocol number 88), and Op
Path First (OSPF, protocol number 89) operate side-by-side with TCP and UDP, however, they are ¢
as Layer 4 protocols. This leaves reliability up to the upper-layer protocols. 


NOTE 


Protocol numbers and port numbers are different. Port numbers link the Transport Layer to th 
layers. FTP is an application that operates based on TCP ports 20 and 21; TFTP is an applicatic 
operates based on UDP port 69. Protocol numbers link the Network Layer to the Transport Lay 
whereas service access points (SAPs) or type codes link the Layer 2 frame to point to Layer 3. 
access an excellent site for details on protocol and port numbers by the layers at
www.networksorcery.com/enp/topic/ipsuite.htm.
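
The encapsulation steps and the layer-linking fields described above (the T/L field pointing to Layer 3, the protocol number pointing to Layer 4, the port number pointing to the application) can be traced in code. The following Python sketch is an added example, not code from the book; the function names, MAC addresses, and sample frame are constructed for illustration, and the TTL handling in route_hop is standard IPv4 behavior that the text does not discuss.

```python
import socket
import struct

# Demultiplexing keys at each layer boundary (numbers quoted in the text, plus
# the two well-known EtherTypes for IP and ARP).
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
IP_PROTOCOLS = {6: "TCP", 9: "IGRP", 17: "UDP", 88: "EIGRP", 89: "OSPF"}
PORTS = {20: "FTP data", 21: "FTP", 23: "telnet", 69: "TFTP", 80: "HTTP",
         179: "BGP", 520: "RIP"}


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_checksum(header):
    """One's-complement sum of the header's 16-bit words (0 over a valid header)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload, ttl=64):
    """Encapsulate: message -> TCP segment -> IP packet -> Ethernet II frame.
    PRE and FCS are left out (the NIC adds them); the TCP checksum is left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    tcp += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, ttl, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    l2 = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    return l2 + ip + tcp


def decapsulate(frame):
    """Walk up the stack; each header's 'next layer' field selects the next parser."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    da, sa, type_len = struct.unpack("!6s6sH", frame[:14])
    out = {"l2": {"da": mac_text(da), "sa": mac_text(sa)}}
    if type_len <= 1500:        # T/L holds a length: 802.3 framing, not a type code
        out["l2"]["length"] = type_len
        return out
    out["l2"]["type"] = ETHERTYPES.get(type_len, hex(type_len))
    if type_len != 0x0800:
        return out
    packet = frame[14:]
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("bad IP header length or truncated packet")
    proto = packet[9]
    out["l3"] = {"src": socket.inet_ntoa(packet[12:16]),
                 "dst": socket.inet_ntoa(packet[16:20]),
                 "ttl": packet[8],
                 "protocol": IP_PROTOCOLS.get(proto, proto),
                 "checksum_ok": ip_checksum(packet[:ihl]) == 0}
    segment = packet[ihl:total_len]
    if proto not in (6, 17) or len(segment) < (20 if proto == 6 else 8):
        return out
    sport, dport = struct.unpack("!HH", segment[:4])
    header_len = (segment[12] >> 4) * 4 if proto == 6 else 8
    out["l4"] = {"sport": sport, "dport": dport,
                 "service": PORTS.get(dport) or PORTS.get(sport)}
    out["payload"] = segment[header_len:]
    return out


def route_hop(frame, out_if_mac, next_hop_mac):
    """One router hop: strip the Layer 2 header, decrement TTL, re-encapsulate.
    The IP source and destination addresses are not touched."""
    packet = bytearray(frame[14:])
    ihl = (packet[0] & 0x0F) * 4
    if packet[8] <= 1:
        raise ValueError("TTL expired; the router drops the packet")
    packet[8] -= 1
    packet[10:12] = b"\x00\x00"
    packet[10:12] = struct.pack("!H", ip_checksum(bytes(packet[:ihl])))
    return mac_bytes(next_hop_mac) + mac_bytes(out_if_mac) + frame[12:14] + bytes(packet)


if __name__ == "__main__":
    # Constructed sample: host 10.1.1.1 telnets to 172.16.1.5 via its default gateway.
    sent = build_frame("00:00:0c:00:00:01", "00:10:a4:00:00:0a",
                       "10.1.1.1", "172.16.1.5", 1025, 23, b"show version\r\n")
    hop = route_hop(sent, "00:00:0c:00:00:02", "00:00:0c:00:00:03")
    for name, frame in (("as sent", sent), ("after one hop", hop)):
        print(name, decapsulate(frame))
```

Comparing the two printed results shows the Layer 2 addresses changing at the hop while the Layer 3 addresses stay the same.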


Layer 3: The Network Layer 


Layer 3, the Network Layer, is where routers or Layer 3 switches operate. By the way, Layer 3 swit 
routers, and Layer 2 switches are bridges. Path determination and routing is all about moving thin 
place to another. You do it every day with the telephone, mail, planes, trains, cars, boats, busses,
so on. Do you take the fastest route, the best roads, the scenic route, or do you figure it out as you
routing table directs the packets as to where to go and drops them in the bit bucket if it doesn't kni
with them. Do you use a map (link-state routing protocols) or do you just stop at the gas stations
(distance vector routing protocols)? Either way, your car or other form of transportation (routed p
IP or IPX) carries you (the data) and any upper-layer instructions (headers) hop-by-hop to your de
router strips off the old framing (Layer 2 packaging) and re-encapsulates the packet for the outbou
according to the destination IP address in the data packet header. Layer 2 addresses change from
but the Layer 3 addresses stay the same assuming normal destination-based routing.


NOTE 


According to the ISO documents, routing protocols stand outside the basic protocol stack in a 
management plane and provide management services for the Network Layer. Although this di: 
focuses on the OSI model as a model, it is more than just any old model. It is a set of ISO doc
Spend the money and read the ISO documents. Alternately, for a small fee you can subscribe 
www.certificationzone.com for some very comprehensive OSI study guides by Howard Berkow 
Katherine Tallis. 


As displayed in Figure 1-4, routers route using a hop-to-hop relay system to get packets one step « 
destination. Routers accept a frame on one interface, strip off the Layer 2 header, and select an ou 
interface closer to the destination. The router adds a new Layer 2 header (re-encapsulates the pact 
switches (forwards) from the inbound interface to the outbound interface within the router to trans 
packet. 


Figure 1-4. Routing and Switching Process (Within the Router, 


[Figure labels: Inbound Interface, Outbound Interface]


Figure 1-4 illustrates how the router accepts the Ethernet frame on inbound interface e0 and strips 
2 Ethernet frame leaving the upper-layer data intact. According to the destination IP address in the 
the router does a route table lookup to see which outbound interface will get the packet closer to it 
network. The router adds a new Layer 2 header to encapsulate the data and forwards it to its next 
reachability is not only a key point in getting packets to their destination network, it is also a key p 
troubleshooting. 


Routers route to the destination network address. They buffer and switch packets from the inbound
the outbound interface within the router. Performance is definitely affected by the switching type. F
refers to when a router does a route table lookup for the first packet toward a destination and cach
doesn't have to perform a route table lookup on each and every packet. (Imagine the overhead if <
actually performs a route table lookup on each and every packet, which is called process switching
when you perform such tasks as debug commands.) Newer devices offer Cisco Express Forwarding
switching type, whereby even the first packet gets cached. Remember these important points: Rou
hop-to-hop, and routers switch from the inbound interface to the outbound interface of the router ¢
Chapters 6, "Shooting Trouble with CatOS and IOS," and 7, "Shooting Trouble with VLANs on Rout
Switches," discuss switching types (architectures) in more detail. 


Much activity occurs at Layer 3. IP, the connectionless Internet Protocol, is the heart of TCP/IP-bas
applications. Connectionless is unplanned and without prior coordination (as is UDP at Layer 4). Eé 
stands alone; no negotiation occurs. Think about this when you travel to various locations and mai 
people you haven't seen for a while. 


IP and IPX are routed protocols responsible for delivery of packets, including routing protocol pact
based on IP and IPX respectively. Routing protocols exchange routes with other routers. Routed p
deliver packets; they send user data. This section briefly reviews routing/routed protocols for trou 
purposes. 


NOTE 


Refer to the book CCNP Practical Studies: Routing (Cisco Press) or ACRC/BSCN/BSCI-related ¢
and books for more details on routing protocols. Although they all have good information, Bui
Switched Cisco Internetworks (BSCI) replaces Building Scalable Cisco Networks (BSCN), whicl
Advanced Cisco Router Configuration (ACRC). 


Routed protocols transport packets through routers. Routing is a relay system, a hop-by-hop parac 
network to another. Routers filter based on Layer 3 logical network addresses. The router strips an 
Layer 2 framing according to the outbound interface. Route filters, such as access control lists (ACL 
distribution lists, route maps, and prefix lists, allow further filtering. 


TCP handles end-to-end connectivity, whereas the transport of the data is handled by the connectic 
router from the source to the destination makes a decision. 


Routing protocols route routed protocols. Routing protocols give directions; routed protocols carr’ 
Routing protocols are used by routers to exchange data. Table 1-3 gives a brief comparison of rou’ 


Besides learning from routing protocols, routers know about directly connected routes. Directly cor 
are like your arms and legs; they are attached networks. Basically, the router needs driving directi 
you and I need them. For example, you know where your immediate family and friends live. They 1
same state, town, or even on the same street. You can also learn of other locations; perhaps the Ic 
looking for is right next door (directly connected routes), perhaps you look up an address on a wek 
Yahoo! Maps (link-state routing protocols), or perhaps someone else gives you directions (distance 
protocols). 


Table 1-3. Routing Protocol Comparison 


Feature IP RIP IGRP EIGRP OSPF IS-IS E
Open or Open Proprietary | Proprietary Open, but IP Open C 
Proprietary support only 
Network size Small Medium Large Large Very Large V 
Distance Distance Distance Advance Link-state Link-state P 
vector or link | vector vector distance 
state vector (Routing by (Routing by ( 
(Routing by (Routing (hybrid) map) rumor) b 
rumor) by rumor) a 
(Routing by Ss 
rumor) 
Interior or IGP IGP IGP IGP IGP E
exterior 
Updates 30-second 90-second | Triggered 224.0.0.5 Triggered T 
broadcast broadcast | updates updates U 
updates RIPv2 updates 224.0.0.6 u 
is 224.0.0.9 224.0.0.10 Link-state 
Link-state Packets 
packets 


Port or UDP port 520 | Protocol Protocol Protocol Protocol | T 
protocol number 9 | number 88 number 89 
number CLNP (81) 
ES-ES (82) 
IS-IS (83) 
IP (CC) 
Administrative | 120 100 90/170 110 115 2 
distance 
Metrics Hop count Bandwidth | Bandwidth Cost Default A 
(optional) 
Delay Delay Delay Expense | V 
Error 
Reliability | Reliability L 
Load Load iN 
MTU MTU C 
(BigDogs | (BigDogs A 
ReallyLike | ReallyLike 
Meat) Meat) N 
C 
C 
Algorithm Bellman-Ford | Bellman- DUAL Dijkstra/SPFLEl  Dijkstra/S Ss 
algorithm Ford algorithm algorithm algorithm p 
algorithm 
Support for VLSM and N/A VLSM and VLSM and VLSM and A) 
VLSMLland summarization summarization Summarization summarization |s 
summarization | (in RI Pv2) 
Automatic Manual 
classful summarization 
summarization | at 
by default ABRL4)ASBREEL 
Manual only 
summarization 
per interface 


[*] SPF = Shortest Path First

[*] AS = Autonomous system

[*] ABR = Area Border Router

[*] VLSM = Variable-Length Subnet Masking

[*] ASBR = Autonomous System Boundary Router (or Border)


The routing table is also populated by static and default routes, which are not always automatically 
to other routers by default. Default routes are very useful in stub network scenarios where there is 
in and one way out. Static and default routes can eliminate routing update traffic in many cases—b
tricked into packets getting sent but not returned because they don't have a return route.


At this point in your CCNP preparation, you should be very comfortable with routing, IP addressing
and summarizing. The labs in later chapters will certainly determine whether you have mastered tt
In the meantime, some IP examples appear here for your review.


IP version 4 mathematically allows for 4.2 billion addresses (2^32). Base 2, 32-bit, dotted-decimal a
as 172.16.1.1 are used. Figure 1-5 shows all 4 octets, which are comprised of a total of 32 bits (8 
common to see the subnet mask listed as /number in the routing table to illustrate the number of r 
the mask (as shown in the bitwise notation row). The next row is a power of two for the binary pla 
last row is the decimal equivalent or base 10 representation of the binary place value above it. Use 
such as this to assist you with subnetting and summarizing. 


Figure 1-5. Binary Place Values 


[Figure: four octets of (8 Bits) each, labeled Network and Host]


NOTE 


IP version 4 addresses are in a 4-octet, dotted-decimal, 32-bit format, whereas version 6 is 1:
written as 8 groups of 4 hex digits separated by colons (such as
0000:AAAA:1111:BBBB:2222:CCCC:3333:DDDD).


By the way, IP version 4 still has a long life ahead of it because of address-exhaustion solutions su: 
addresses, proxy servers, Network Address Translation (NAT), and Classless Interdomain Routing | 
valid public address, contact your ISP or www.arin.net in the Americas for details. ARIN is one of tl 
regional internet registries the authority in the U.S. RIPE NCC is for Europe, the Middle East, North 
parts of Asia. APNIC is the Asia Pacific Network Information Centre. 


Private addresses are not routed on the Internet and fall within the following ranges: 


• 10.0.0.0/8
• 172.16.0.0 through 172.31.0.0/12
• 192.168.0.0 through 192.168.255.0/16


NOTE 


Private addresses are used throughout the rest of the chapters so that I don't step on anyone’


Table 1-4 displays Class A, B, and C addresses, which are available for hosts, and also shows Class 
addresses, which are reserved for other purposes. Notice the pattern of 0, 10, 110 in the first octe’ 
You may be familiar with the Jackson 5 "A-B-C" song; the first octet follows that tune precisely: "A 
as 1-2-3..." where the 1-2-3 is the bit position of the 0. (Thank you Glenn Tapley.) 


Table 1-4. Classes, Masks, Networks, and Hosts 


First Octet Binary | First Octet Default or Natural Number of Nur 
Class | Range Decimal Range Mask Networks Hos 
A 00000001 1-127) /8 126 16,; 
01111111 255.0.0.0 222 2= 
(251 
256 
B 10000000 128-191 /16 16,384 65;5 
10111111 255.255.0.0 Zi 216 
(251 
C 11000000 192-223 /24 2,097,152 254 
11011111 255.255.255.0 221 28 - 
(251 
D 11100000 224-239 Multicast 
11101111 
E 11110000 240-255 Experimental 
11111111 


[*] 127.0.0.0/8 denotes loopback addressing


Table 1-4 illustrates the classes of networks. It is essential to recognize the class by the first octet
you are familiar with the default or natural mask. When subnetting, you must borrow bits from the
if you know the default mask, the host portion is where the 0 bits are. For example, 10.0.0.1/8 is <
address with a default subnet mask of 255.0.0.0 or /8. If you need more networks, you subnet by |
required number of bits from the host octets 2, 3, and 4 contiguously. To determine the number of
borrow, use the following formula:

2^x >= the number of subnets you need


Solve for x to know how many bits to borrow. It is not wrong to use the formula 2^x - 2, but the mil
0 subnet and the all 1s subnet (broadcast), which are certainly valid today. Suppose you need 250
formula to solve is 2^x >= 250. In this example, you borrow 8 bits to give you a new subnet mask c
or /16. The class is still a Class A, however, not a Class B.


Default subnet masks, class ranges, networks, hosts, and their associated logical addresses are im
practical topics that will help you with troubleshooting. Shortcuts are nice, but the binary really tel
out www.learntosubnet.com for a refresher on subnetting and Chapter 3 of this book for practical a|
thereof. In the meantime, look at a couple of examples of subnetting and summarization here. Pra
perfect, and Cisco tests aren't as lenient as others in allowing you to use a calculator. Use Figure 1.
1-4 to assist in your calculations.


1. How many hosts are on 172.16.0.0/16? What are they? 

Answer: 172.16.0.0 is one big network (broadcast domain) with 65,534 hosts (2^16 - 2). The first
172.16.0.1. The last host is 172.16.255.254, and the broadcast is 172.16.255.255. The binary repr
this is critical to understanding bits and boundaries. Often it is helpful to write out the hosts in ranc
the following:

• 172.16.0.1 through 172.16.0.255
• 172.16.1.0 through 172.16.1.255
• 172.16.2.0 through 172.16.2.255
• 172.16.255.0 through 172.16.255.254
• 172.16.255.255 (broadcast)

Figure 1-6 illustrates the calculations using binary place values. Notice how the first host is the net
plus one; the broadcast address is the same as turning all bits on (1) for the hosts portion; and the
the broadcast address minus one.


2. How many networks and hosts are on 172.16.0.0/24? What are they? 


Figure 1-6. Binary Place Values (Question 1 Answer) 


[Figure: (Broadcast Domain) 2^16 - 2 = 65,534]


Answer: 172.16.0.0 is 1 subnet (broadcast domain) with 254 hosts (2^8 - 2). The first host for this
172.16.0.1. The last host for this subnet is 172.16.0.254, and the broadcast address is 172.16.0.2!
representation of this is critical to understanding bits and boundaries. Often it is helpful to write ou
ranges, such as the following:

• 172.16.0.1 through 172.16.0.254 (hosts on subnet 172.16.0.0/24)
• 172.16.0.255 (broadcast on subnet 172.16.0.0/24)

This is a Class B address with a default subnet mask of /16. The given mask is /24, which means tt
were borrowed to provide more networks (subnets). This is subnetting. There are 2^8 = 256 availab
this scenario with 254 hosts (2^8 - 2) on each one. These subnets increment by 1 because the lowes
bit is in the 1 or 2^0 binary position. The next two subnets are 172.16.1.0/24 and 172.16.2.0/24.


Use Figure 1-7 to verify your calculations and to relate the following general rules:

• The rightmost available host bit is turned on (1) for the first host. All other host bits are off (C
• The rightmost available host bit is turned off (0) for the last host. All other host bits are on (1
• All host bits are on (1) for the broadcast address. The broadcast for a subnet is one less than
  subnet.
• Subnets increment by the lowest 1 bit (rightmost bit) in the mask. The subnet increment and
  subnets are circled in Figure 1-7.


Figure 1-7. Binary Place Values (Question 2 Answer) 


3. How many networks and hosts are on 172.16.1.4/30? What are they? What is the next availa


Answer: 172.16.1.4 is one subnet (broadcast domain) with two hosts (2^2 - 2). The first host for tt
172.16.1.5. The last host for this subnet is 172.16.1.6, and the broadcast address is 172.16.1.7. Tl
representation of this is critical to understanding bits and boundaries. Often it is helpful to write ou
ranges, such as the following:

• 172.16.1.5 through 172.16.1.6 (hosts on subnet 172.16.1.4/30)
• 172.16.1.7 (broadcast on subnet 172.16.1.4/30)
• 172.16.1.8/30 (next subnet)

This is a Class B address with a default subnet mask of /16. The given mask is /30, which means tt
bits were borrowed to give more networks (subnets). This is subnetting. There are 2^14 = 16,384 pc
in this scenario with 2 hosts (2^2 - 2) on each one. The subnet increment is circled in Table 1-5. The
increment by 4 because the lowest 1 (network) bit is in the 4 or 2^2 binary position. The next two st
172.16.1.8/30 and 172.16.1.12/30. The shading in Table 1-5 indicates the subnet portion. Only the
shown.


Table 1-5. Binary Place Values for the Last Octet (Question 3 Ansv 


Subnet  Subnet  Subnet  Subnet  Subnet  Subnet  Hosts  Hosts
/25     /26     /27     /28     /29     /30     /31    /32     Mi (B
128     192     224     240     248     252     254    255     Me
2^7     2^6     2^5     2^4     2^3     2^2     2^1    2^0     Bi
128     64      32      16      8       (4)     2      1       Su INC
0       0       0       0       0       1       0      0       (S 17
0       0       0       0       0       1       0      1       (F 17
0       0       0       0       0       1       1      0       (Li 17
0       0       0       0       0       1       1      1       (B 17
0       0       0       0       1       0       0      0       (S 17
0       0       0       0       1       0       0      1       (F 17
0       0       0       0       1       0       1      0       (Li 17
0       0       0       0       1       0       1      1       (B 17
0       0       0       0       1       1       0      0       (S 17


4. How many networks and hosts are on 10.1.1.0/28? What are they? List the hosts and broadcé
the next available subnet.


Answer: 10.1.1.0 is 1 subnet (broadcast domain) with 14 hosts (2^4 - 2). The first host for this suk
10.1.1.1. The last host for this subnet is 10.1.1.14, and the broadcast address is 10.1.1.15. The bil
representation of this is critical to understanding bits and boundaries. Often it is helpful to write ou
ranges, such as the following:

• 10.1.1.1 through 10.1.1.14 (hosts on subnet 10.1.1.0/28)
• 10.1.1.15 (broadcast on subnet 10.1.1.0/28)
• 10.1.1.16 (next subnet)
• 10.1.1.17 through 10.1.1.30 (hosts on subnet 10.1.1.16/28)
• 10.1.1.31 (broadcast on subnet 10.1.1.16/28)
• 10.1.1.32 (next subnet)

This is a Class A address with a default subnet mask of /8. The given mask is /28, which means thé
were borrowed to give more networks. This is subnetting. There are 2^20 = 1,048,576 possible subn
scenario with 14 hosts (2^4 - 2) on each one. These subnets increment by 16 because the lowest 1 (
is in the 16 (2^4) binary position. The next two subnets are 10.1.1.16/28 and 10.1.1.32/28. The she
1-6 indicates the subnet portion. Only the last octet is shown.


NOTE 


If you have ever taken any of my classes, you know that all 4 octets with all 32 bits get drawr
board first. Then I write out only the octets where the mask is less than 255 or 8 bits. One stu
suggested I actually write the last 2 octets on the back of my business card and hand them ou
future students.


Table 1-6. Binary Place Values for the Last Octet (Question 4)


Subnet  Subnet  Subnet  Subnet  Hosts   Hosts   Hosts  Hosts
/25     /26     /27     /28     /29     /30     /31    /32
128     192     224     240     248     252     254    255
2^7     2^6     2^5     2^4     2^3     2^2     2^1    2^0
128     64      32      16      8       4       2      1
0       0       0       0       0       0       0      0
0       0       0       0       0       0       0      1
0       0       0       0       1       1       1      0
0       0       0       0       1       1       1      1
0       0       0       1       0       0       0      0
0       0       0       1       0       0       0      1
0       0       0       1       1       1       1      0
0       0       0       1       1       1       1      1
0       0       1       0       0       0       0      0


5. Assuming you have all point-to-point serial links to assign addresses to and that you are give 
10.1.1.0/28, can you squeeze any more subnets out of it? If so, how many and what are they 
called? 


Answer: VLSM is just subnetting again. You move the bit boundary to the right to get more s
example, the subnet boundary is at /28. Because point-to-point serial links never need more '
addresses, you can borrow out to a /30 or 255.255.255.252 subnet mask. This gives 2^2 = 4 V
(0, 4, 8, and 12) with 2 hosts each. Caution: No overlap is allowed with VLSM! If subnet 0 ha:
assigned, for instance, you cannot subnet that subnet. VLSM is common practice on WAN link:
routing protocol must support it.


• 10.1.1.0/30 (VLSM subnet)
• 10.1.1.4/30 (VLSM subnet)
• 10.1.1.8/30 (VLSM subnet)
• 10.1.1.12/30 (VLSM subnet)


Table 1-7 illustrates subnet 10.1.1.0/28, its VLSM subnets (0, 4, 8, 12), and its hosts. The first hos 
subnet 0 is 10.1.1.1/30, for example, the last host is 10.1.1.2/30, and the broadcast is 10.1.1.3/30
VLSM subnet is 10.1.1.4/30. Its first host is 10.1.1.5, the last host is 10.1.1.6/30, and the broadca 
10.1.1.7/30. The next VLSM subnet is 10.1.1.8/30 and so on. The lighter shading indicates subnets 
darker shading indicates VLSM subnets. 


Table 1-7. Binary Place Values for the Last Octet (Question 5)


Subnet  Subnet  Subnet  Subnet                  Hosts  Hosts
/25     /26     /27     /28     /29     /30     /31    /32     Mask
128     192     224     240     248     252     254    255     Mask (
2^7     2^6     2^5     2^4     2^3     2^2     2^1    2^0     Binary
128     64      32      16      8       4       2      1       Subne
0       0       0       0       0       0       0      0       (Subne 10.1.1
0       0       0       0       0       0       0      1       (First 10.1.1
0       0       0       0       0       0       1      0       (Last 10.1.1
0       0       0       0       0       0       1      1       (Broad 10.1.1
0       0       0       0       0       1       0      0       (Subne 10.1.1
0       0       0       0       0       1       0      1       (First 10.1.1
0       0       0       0       0       1       1      0       (Last 10.1.1
0       0       0       0       0       1       1      1       (Broad 10.1.1
0       0       0       0       1       0       0      0       (Subne 10.1.1
0       0       0       0       1       0       0      1       (First 10.1.1
0       0       0       0       1       0       1      0       (Last 10.1.1
0       0       0       0       1       0       1      1       (Broad 10.1.1
0       0       0       0       1       1       0      0       (Subne 10.1.1
0       0       0       0       1       1       0      1       (First 10.1.1
0       0       0       0       1       1       1      0       (Last 10.1.1
0       0       0       0       1       1       1      1       (Broad 10.1.1


6. Summarize the following into the fewest number of statements possible.

   o 192.168.168.0/24
   o 192.168.169.0/24
   o 192.168.170.0/24
   o 192.168.171.0/24
   o 192.168.172.0/24
   o 192.168.173.0/24
   o 192.168.174.0/24
   o 192.168.175.0/24

Answer: 192.168.168.0/21

Table 1-8 illustrates the third octet in binary so that you can easily identify the best pattern as tos 
the fewest number of statements. As the darker shading shows, all bits match from bit /1 through, 
you can capture eight lines into one. Although not as efficient, you can summarize using two stater 


(192.168.168.0/22 and 192.168.172.0/22) or four statements (192.168.168.0/23, 192.168.170.0/ 
192.168.172.0/23, and 192.168.174.0/23). 


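Table 1-8. Summarization (Question 6 Answer)


Mask (Bitwise)       /17   /18   /19   /20   /21   /22   /23   /24
Mask (Decimal)       128   192   224   240   248   252   254   255
Binary Place Value   2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Decimal Number       128   64    32    16    8     4     2     1
168                  1     0     1     0     1     0     0     0
169                  1     0     1     0     1     0     0     1
170                  1     0     1     0     1     0     1     0
171                  1     0     1     0     1     0     1     1
172                  1     0     1     0     1     1     0     0
173                  1     0     1     0     1     1     0     1
174                  1     0     1     0     1     1     1     0
175                  1     0     1     0     1     1     1     1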
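
The bit-boundary arithmetic behind Questions 4 through 6, as an added Python example (not code from the book): block size, host range, VLSM split, overlap check and pairwise summarization are done with plain integer math rather than a subnet library. The function names are this example's own, and `summarize` assumes its input blocks do not overlap.

```python
"""Added example: subnet, VLSM and summarization arithmetic done on the bits."""


def ip_to_int(dotted):
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask(prefix):
    """/28 -> 0xFFFFFFF0 (255.255.255.240)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse(cidr):
    addr, _, plen = cidr.partition("/")
    prefix = int(plen)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    return ip_to_int(addr), prefix


def describe(cidr):
    """Host range, broadcast and next subnet for one subnet (Question 4)."""
    ip, prefix = parse(cidr)
    if prefix > 30:
        raise ValueError("no network/broadcast/host split past /30")
    size = 1 << (32 - prefix)          # the increment: 16 for a /28
    if ip & (size - 1):
        raise ValueError(f"{cidr} is not on a subnet boundary")
    return {
        "network": int_to_ip(ip),
        "first_host": int_to_ip(ip + 1),
        "last_host": int_to_ip(ip + size - 2),
        "broadcast": int_to_ip(ip + size - 1),
        "hosts": size - 2,
        "increment": size,
        "next_subnet": f"{int_to_ip(ip + size)}/{prefix}",
    }


def vlsm_split(cidr, new_prefix):
    """Move the bit boundary to the right (Question 5)."""
    ip, prefix = parse(cidr)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the old one")
    if ip & ~mask(prefix) & 0xFFFFFFFF:
        raise ValueError(f"{cidr} is not on a subnet boundary")
    step = 1 << (32 - new_prefix)
    count = 1 << (new_prefix - prefix)
    return [f"{int_to_ip(ip + i * step)}/{new_prefix}" for i in range(count)]


def overlaps(a, b):
    """True when one block contains the other (not allowed with VLSM)."""
    ip_a, p_a = parse(a)
    ip_b, p_b = parse(b)
    shorter = min(p_a, p_b)
    return (ip_a & mask(shorter)) == (ip_b & mask(shorter))


def summarize(cidrs):
    """Merge sibling blocks pairwise until nothing merges (Question 6).

    Two blocks merge only if they have the same length and differ in exactly
    the lowest network bit, which is what Table 1-8 shows column by column.
    Assumes the input blocks do not overlap.
    """
    blocks = set()
    for c in cidrs:
        ip, p = parse(c)
        blocks.add((ip & mask(p), p))
    merged = True
    while merged:
        merged = False
        for net, p in sorted(blocks):
            if p == 0:
                continue
            sibling = (net ^ (1 << (32 - p)), p)
            if sibling in blocks:
                blocks -= {(net, p), sibling}
                blocks.add((net & mask(p - 1), p - 1))
                merged = True
                break
    return [f"{int_to_ip(n)}/{p}" for n, p in sorted(blocks)]


if __name__ == "__main__":
    print(describe("10.1.1.0/28"))
    print(vlsm_split("10.1.1.0/28", 30))
    print(summarize([f"192.168.{n}.0/24" for n in range(168, 176)]))
```

Dropping 192.168.175.0/24 from the input shows why the /21 only works when all eight blocks are present: the result becomes three statements instead of one.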


NOTE 


If you think you need more review and practical application of subnetting, see Chapter 3. Add 
review the CCNA Practical Studies and CCNP Practical Studies: Routing titles as well as the 
www.learntosubnet.com website. 


So what else happens at Layer 3? IP is responsible for delivery and fragmentation at Layer 3 and it 
helper protocols to accomplish these tasks. Internet Control Message Protocol (ICMP) is for status i 
reporting. Address Resolution Protocol (ARP) resolves an IP address to MAC on a broadcast-based
as a LAN. Network cards and router interfaces have burned-in addresses (BIAs) for the MAC. By th:
not needed for IPX addressing because the MAC is the host address on the wire in Novell. ARP is al
required on point-to-point media either. ARP is initiated with a local broadcast, but the reply is au
of it this way: I have the IP, but I need the MAC. You experiment and learn a little more about ARF
in the section titled "Protocols and Packets." Until then, think about what would happen in the follo 
circumstances: 


• Local ARP request— If you were to ping a host on a local network and look at the ARP cache
what would you expect to see?

• Remote ARP request— If you were to ping a host on a different network and look at the ARI
would you expect to see?


I would expect to see the host MAC address for the destination host in the ARP table for a local ARI
were to ping a host on a different network and look at the ARP cache, however, I would expect to s
address associated with the local interface of the router (default gateway). Learning to follow the 4
beneficial in troubleshooting.


Now turn your attention to RARP, which sounds like something out of the TV show Mork & Mindy. R 
Reverse Address Resolution Protocol. First there was RARP, then BOOTP, and now DHCP too. Youe 
in one of the later labs. 


NOTE 


The Transport Layer is often referred to as the host-to-host layer and the Network Layer as th: 
layer. If you can't ping the destination host but can ping another local host and your default g 
the problem may be in the path from the source to the destination. Use traceroute (tracert) 
you determine exactly where the problem is. 


Layer 2: The Data Link Layer 


Layer 2, the Data Link Layer, is where bridges and switches operate. Bridges and switches are cove 
more detail in Chapters 5, 6, and 7.


The IEEE Layer 2-defined sublayers include Logical Link Control (LLC) and Media Access Control (M
represented in Figure 1-8. LLC is responsible for synchronization and connection services via Servii 
Points (SAPs) to the upper layers. MAC is responsible for physical (hardware) addressing, logical tc 
shared media access. 


Figure 1-8. LLC and MAC

[Figure labels: IEEE 802.2 LLC; TYPE 0800; 802.3 (Ethernet); 802.5 (Token Ring); Ethernet II (DIX); Various Media Types]


Digital Intel Xerox (DIX) Ethernet II uses a Type field to point to the Layer 3 protocol (0800 is IP),
802.3 Ethernet uses a valid length field and 802.2 LLC SAPs to link to the Layer 3 protocol. SAPs al 
software controls to manage multiple Layer 3 protocols. For example, the hex SAP value of 06 is a 
hex SAP value of e0 is a link to IPX. Table 1-9 provides more detail on LLC types. 


Table 1-9. LLC Types


LLC Type      Connection            Reliability       Description
LLC Type 1    Connectionless        Unacknowledged    Does not confirm data transfers
                                                      Used in LANs
LLC Type 2    Connection-oriented   Acknowledged      Establishes logical connection and confirms dat
                                                      receipt
                                                      Used in IBM SNA
LLC Type 3    Connectionless        Acknowledged      Confirms data upon receipt but does not establ
                                                      connection
                                                      Used in factory automation


IEEE-assigned MAC addresses are often referred to as hardware addresses, Layer 2 addresses, BIA
addresses that are coded into the network card or interface on a router. A 3-byte IEEE-assigned Or
Unique Identifier (OUI) is used to generate universal MAC addresses for vendors. Table 1-10 offers
examples from Cisco, 3Com, Intel, DEC, and Madge. This is not by any means a comprehensive lis!
www.ieee.org for more details. Download them all in a text file from standards.ieee.org/regauth/ o!


Table 1-10. IEEE-Assigned MAC Addresses


Vendor    Identification (OUI)
Cisco     00-00-0C
          00-01-42
          00-01-43
          00-01-63
          00-01-64
          00-E0-F7
          00-E0-F9
          00-E0-FE
          08-00-58
3Com      00-01-02
          00-01-03
          02-C0-8C
          08-00-4E
Intel     00-01-2A
          00-02-B3
          00-AA-01
          00-AA-02
DEC       AA-00-00
          AA-00-01
          AA-00-02
          AA-00-03
          AA-00-04
Madge     00-00-6F
          00-00-C1
          00-80-E9
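
An added example, not from the book, of how a capture parser tells Ethernet II from 802.3 with 802.2 LLC using the T/L field, and maps the source OUI to a vendor from Table 1-10. The frames are constructed samples and the helper names are hypothetical; the 1500/0x0600 boundary between a length and a type comes from IEEE 802.3 rather than from this chapter.

```python
"""Added example: classify a frame by its T/L field and look up the source OUI."""
import struct

# Subset of Table 1-10; any other OUI is reported as "unknown".
OUI_VENDORS = {
    "00-00-0C": "Cisco",
    "08-00-4E": "3Com",
    "00-AA-01": "Intel",
    "AA-00-04": "DEC",
    "00-00-6F": "Madge",
}
ETHERTYPES = {0x0800: "IP"}            # from the text: Type 0800 is IP
LLC_SAPS = {0x06: "IP", 0xE0: "IPX"}   # from the text: SAP 06 is IP, SAP E0 is IPX

MAX_8023_LENGTH = 1500   # T/L up to 1500 is a length (802.3)
MIN_ETHERTYPE = 0x0600   # T/L from 1536 up is a type (Ethernet II)


def fmt_mac(raw):
    return "-".join(f"{b:02X}" for b in raw)


def vendor(raw_mac):
    return OUI_VENDORS.get(fmt_mac(raw_mac[:3]), "unknown")


def classify(frame):
    """frame: bytes starting at DA, with preamble and FCS already stripped."""
    if len(frame) < 14:
        raise ValueError("shorter than DA + SA + T/L")
    dst, src = frame[0:6], frame[6:12]
    (tl,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    info = {"dst": fmt_mac(dst), "src": fmt_mac(src),
            "src_vendor": vendor(src), "layer3": None, "notes": []}

    if tl >= MIN_ETHERTYPE:
        info["encapsulation"] = "Ethernet II"
        info["layer3"] = ETHERTYPES.get(tl, f"type 0x{tl:04X}")
    elif tl <= MAX_8023_LENGTH:
        info["encapsulation"] = "802.3 + 802.2 LLC"
        # Payload may be longer than the length field (padding), never shorter.
        if tl > len(payload):
            info["notes"].append("length field exceeds captured data")
        if tl < 3 or len(payload) < 3:
            info["notes"].append("no room for an LLC header")
        else:
            dsap, ssap = payload[0], payload[1]
            info["layer3"] = LLC_SAPS.get(dsap, f"SAP 0x{dsap:02X}")
            if dsap != ssap:
                info["notes"].append("DSAP and SSAP differ")
    else:
        info["encapsulation"] = "undefined"
        info["notes"].append("T/L between 1501 and 1535 is neither length nor type")
    return info


def _frame(dst_hex, src_hex, tl, payload):
    return (bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
            + struct.pack("!H", tl) + payload)


# Constructed sample frames (not captured traffic).
LLC_IPX = bytes([0xE0, 0xE0, 0x03]) + b"\x00" * 35
SAMPLES = {
    "ethernet_ii_ip": _frame("00000C112233", "00AA01445566", 0x0800,
                             b"\x45" + b"\x00" * 45),
    "llc_ipx": _frame("FFFFFFFFFFFF", "00000C112233", len(LLC_IPX), LLC_IPX),
    "truncated": _frame("00000C112233", "08004E778899", 100,
                        bytes([0x06, 0x06, 0x03]) + b"\x00" * 7),
    "undefined_tl": _frame("00000C112233", "123456778899", 1520, b"\x00" * 46),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```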


The MAC sublayer is for taking turns on the wire as well as error checking and addressing. It is like 
on the medium. Table 1-11 provides a brief review of access methods. 


Table 1-11. Access Methods


Access Method    Description
CSMA/CD[*]       Polite conversation at a cocktail party. You listen (carrier sense) and if you and
                 another person talk simultaneously (multiple access), you both wait a random
                 amount of time and talk again.
CSMA/CA[**]      Collision avoidance
                 Signal the intent to transmit
Token Passing    Must hold the token to talk


[*] CSMA/CD = Carrier sense multiple access with collision detection

[**] CSMA/CA = Carrier sense multiple access with collision avoidance


Ethernet, whether a physical star or bus, uses the carrier sense multiple access collision detect (CS
logical access method because logically it acts like a bus. Token Ring and FDDI use a token-passin
method in a logical ring topology over a physical star or ring. Collisions do not occur in Token Ring
device must have the token to talk. Access methods are nothing you and I set; they are a function
architecture, such as Ethernet or Token Ring, that allows devices to share the media.


Topologies encompass the Data Link (logical) and Physical Layers. Ethernet is typically a physical s 
bus; whereas Token Ring is a physical star, logical ring topology. (See Figure 1-9.) 


Figure 1-9. Topology


The PDU for Layer 2 is frames. Control bits mark the beginning and end of frames just as picture fr
the edges of a picture. Layer 2 is the LAN/WAN layer in many respects. You have seen how it allow 
devices to take turns on the media and how the network works (logical topologies). But how is the 
packaged at Layer 2? Figures 1-10 (Ethernet), 1-11 (Token Ring), and 1-12 (FDDI) show some ba: 
format (encapsulation) examples. Use the following legend for the abbreviations: 


Figure 1-10. Ethernet Frame Format

PRE | DA | SA | T/L | DATA | FCS

PRE = Preamble
DA = Destination address
SA = Source address
T/L = Type or length
FCS = Frame check sequence
DEL = Delimiter
FS = Frame status


Figure 1-11. Token Ring Frame Format

[Figure residue: START DEL, ACCESS CTRL, FRAME CTRL, DATA, DEL]


Figure 1-12. FDDI Frame Format

[Figure residue: DEL]


NOTE 


Ethernet dominates typical LAN topologies today and is further discussed in Chapter 5. 


While I discuss other Layer 2 activities, think back to the earlier analogy of the waiter who took yor
you get the big-endian cheesecake or the little-endian cheesecake...ekaceseehc for dessert? Big-end
such as IBM, RISC, and Motorola processors, read left to right, or high-order to low-order bits and
endian systems, such as Intel processors and DEC Alphas, read right to left, or low-order to high-o
bytes. Likewise, Ethernet is canonical and Token Ring is noncanonical. Use Table 1-12 to review th:
calculations (base 16) used in Figure 1-13. Also remember that A = 10, B = 11, C = 12, D = 13, E
15 in hexadecimal.


Figure 1-13. Canonical Names

[Figure: Ethernet Is Canonical (LSB)]

*Hexadecimal 0-9, A-F


Table 1-12. Hex Place Values


2^3 2^2 2^1 2^0 2^3 2^2 2^1


NOTE 


According to www.whatis.com, "Big-endian and little-endian derive from Jonathan Swift's Gull
Travels in which the Big Endians were a political faction that broke their eggs at the large end 
primitive way") and rebelled against the Lilliputian King who required his subjects (the Little E 
to break their eggs at the small end." 


Figure 1-13 illustrates that Ethernet is canonical, and the least significant bit (LSB) is read first. In 
Token Ring is noncanonical, and the most significant bit (MSB) is read first. The picture also is a gr 
binary-to-hex conversion, but most people use calculators for that anyhow. 


NOTE 


Cisco offers a tool on their website that enables you to automatically convert canonical to non 
and vice versa. Search for the "bitswap tool" on www.cisco.com to see for yourself. 
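
The per-byte bit reversal that separates canonical (Ethernet, LSB first) from noncanonical (Token Ring, MSB first) MAC notation, as an added example that is neither the Cisco bitswap tool nor code from the book. The sample address is constructed on the Cisco OUI 00-00-0C from Table 1-10, and the function names are hypothetical.

```python
"""Added example: canonical <-> noncanonical MAC conversion by per-byte bit swap."""
import re


def parse_mac(text):
    """Accept 00-00-0C-12-34-56, 00:00:0c:12:34:56 or 0000.0c12.3456."""
    digits = re.sub(r"[-:.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def reverse_bits(byte):
    """Mirror the eight bits of one byte: 0x0C (00001100) -> 0x30 (00110000)."""
    out = 0
    for _ in range(8):
        out = (out << 1) | (byte & 1)
        byte >>= 1
    return out


def bitswap(mac_text):
    """Convert canonical to noncanonical notation, or back; the swap is its own inverse."""
    return "-".join(f"{reverse_bits(b):02X}" for b in parse_mac(mac_text))


def wire_bits(mac_text, lsb_first=True):
    """Bits of each byte in the order they are read off the wire.

    lsb_first=True  : canonical reading (Ethernet)
    lsb_first=False : noncanonical reading (Token Ring)
    """
    groups = []
    for b in parse_mac(mac_text):
        bits = f"{b:08b}"
        groups.append(bits[::-1] if lsb_first else bits)
    return " ".join(groups)


if __name__ == "__main__":
    canonical = "00-00-0C-12-34-56"          # constructed sample address
    noncanonical = bitswap(canonical)
    print(canonical, "->", noncanonical)
    # The same bit stream, written down two ways:
    print(wire_bits(canonical, lsb_first=True))
    print(wire_bits(noncanonical, lsb_first=False))
```

When a filter or log entry written on one media type never matches on the other, comparing the address against its bit-swapped form is a quick check.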


Layer 1: The Physical Layer 


Layer 1, the Physical Layer, is all about the shape of the network. How things work is more a matte 
logical topologies, but Layer 1 is concerned with physical topologies such as star, bus, ring, or mes 
typically a physical star, logical bus (10BASE-T/100BASE-T/1000BASE-T). Token Ring and FDDI ar
wired as a physical star, logical ring. Without a concentrator, FDDI is truly a physical ring topology 


Hubs are Layer 1 devices that repeat or regenerate the signal to allow connectivity and assist with 
issues. Layer 1 devices just extend the network; they do no filtering. Hubs spit bits, including collis 
broadcasts. Switches (Layer 2 devices) assist with collisions and make filtering decisions based on 
addresses. Routers (Layer 3 devices or VLANs) assist with collisions and broadcasts; they make filt 
based on logical addresses. A collision domain is a separate CSMA/CD network in Ethernet or a ser 
Token Ring where devices are taking turns for use of the wire. Collision domains exist between twa 
devices and for each user-dedicated port on a switch. Broadcast domains are subnets in TCP/IP. Tr 
between routers and for each Layer 3 interface. Figure 1-14 shows collision domains and broadcas' 
Technically there are no collisions on the serial links, so you shouldn't count them as collision domé 


examine Figure 1-14.


Figure 1-14. Collision and Broadcast Domains

The broadcast domains assume one VLAN per switch here


Hubs with any intelligence at all (such as multiple speeds or network management capabilities) are 
1 devices; they move up the OSI stack according to the built-in intelligence. Most people know huk 
as the same thing; however, repeater is an IEEE term. When selecting a hub or any connectivity de 
matter, consider network architecture (such as Ethernet or Token Ring, or FDDI; port density and : 
management; cable types; and modularity). 


Physical star topologies are easier to troubleshoot but take more cable. Failure of one device doesn 
interfere with another. If a user calls and says the network is down, you can start your troubleshoc 
the user and the hub or switch port connection. Switches are typically used rather than hubs today 
price per port is declining all the time. The big advantage is that each port is a separate collision di 
whereas all hub ports are in the same collision domain. After all, you don't need too many packet f 
unshielded twisted-pair cable is still by far the most common. 


Frozen yellow garden hose and vampire taps come to mind when I think of the old 10BASE5 Etherr
using RG-8 or RG-11 standard Ethernet coax cable rated at 50-ohms impedance. 10BASE2 could b
depending on whether hubs are in the picture. Think of a two-pole clothesline setup on which you t
clothes out to dry. The poles at each end are the terminators connecting one of the RG-58 family o
Although inexpensive to implement, the disadvantages include heavy traffic patterns on the bus an
troubleshooting, to say the least, unless you have a time domain reflectometer (TDR) to help you f
within the coax cable. Without the proper test equipment, carrying the terminator from one station
about as exciting as relocating your clothesline poles. Today the backbone is normally twisted-pair
so these issues are not as relevant; be aware, however, that many certification tests think you sho: 
specifications. 


FDDI and Token Ring are typically a physical star, logical ring topology. The active monitor monito 
circulating around the ring. Problem isolation and network reconfiguration are issues. It used to be 


Ring wiring was all shielded twisted-pair Type 1, 2, 3, 6, and so on with hermaphroditic connectors 
primarily UTP with RJ-45 connectors. 


In meshes, fault tolerance may be maximized, but from the troubleshooting perspective, it is often 
refer to the mesh topology as the mess topology, and it is more often used for backup links on the 
example, ISDN backup for Frame Relay links). 


Installation, reconfiguration, and cost normally lead us to some hybrid of the preceding topologies 
environment. 


The PDU for Layer 1 is bits. Remember that the Physical Layer is responsible for transmitting bits ( 
coordinating rules for transmitting (Tx) and receiving (Rx) them. Mechanical, electrical, optical, an 
among the many specifications at Layer 1. Layer 1 is a good place for trouble to shoot you if you al 


NOTE 


I had to laugh at myself the other day when I connected my PC to the hub in the front of the c
I had lights on the hub, but not on the PC dongle. "This is a little strange," I thought to myselt
thought maybe I had the wrong cable type, because I didn't know what was on the other side
wall. I thought I would eliminate the hub and plug directly into the wall. Neither a straight-thr
a crossover cable worked. I even tried different cables. Finally I picked up the laptop PC, took
another room, and connected it fine. So I returned to the classroom, connected up again, but
dongle light. I decided to just test things from the laptop PC anyhow and found I could ping al
the Internet, which is all I originally wanted to do. The funny part was that I had put a red mz
dongle to trick a student who needed a little more of a challenge. Refer back to this scenario é
discuss using models and methods to troubleshoot by the layers.


Do you work with the physical aspects or is that done for you? (I have thrown brooms through the
used slingshots to get the cable a little farther down the hall when I didn't have any other tools at |
Because you are in a physical mindset at the moment, take a minute to look at a list of what uses 
Table 1-13). Only the active pins are displayed. 


Table 1-13. What Uses RJ-45?


What Uses RJ-45?                            Active I
10BASE-T Ethernet                           1-2
                                            3-6
100BASE-TX UTP (2 pair Category 5)[*]       1-2
                                            3-6
Token Ring                                  4-5
                                            3-6
Console cable                               All pins
                                            1-8
                                            4-5
ISDN U (North America; U for unpowered)     4-5 sing
ISDN S/T                                    1-2(pwr
                                            4-5(dati
                                            7-8(pwr


[*] Although not commonly used, 100BASE-T4 uses 4 pair of Category 3, 4, or 5 cabling.


Figure 1-15 shows the RJ-45 connector. When you point the clip toward the floor, pin 1 is on the le


on the right. Compare it to the smaller RJ-11 connector. 


Figure 1-15. RJ-11 and RJ-45 Connectors


Back in the mid-1980s, companies were concerned with cabling standards in particular. EIA/TIA he
permeated the cabling industry, particularly with EIA/TIA 568, and has very high recognition amor
vendors alike. Various committees have developed cabling standards and continue to provide upda 
Technical Service Bulletins (TSBs) as the industry evolves. 568A and 568B are technically identical, 
verify in Table 1-14. 568B is very widespread because it is basically the same as AT&T 258A; howe 
allows two pairs for voice to make it a little more compatible in the telco environment. 


Table 1-14. 568A and 568B Standards


568A (EIA/TIA Where Orange and Green Are Reversed to    568B (The Old AT&T Standari
Be More Compatible with Telco)                          Very Widespread Today)
Pin                                                     Pin
1 white/green (Rx+)                                     1 white/orange (Tx+)
2 green (Rx-)                                           2 orange (Tx-)
3 white/orange (Tx+)                                    3 white/green (Rx+)
6 orange (Tx-)                                          6 green (Rx-)


NOTE


Although only one pair is used for Tx and one pair for Rx, the RJ-45 connector, which holds fo: 
(eight wires) is standard. Compare it to the RJ-11 connector back in Figure 1-15, which only ¢ 
holds two pair (four wires). 


Besides the connectors and the pinouts, the wire thickness varies too according to the American Wi 
(AWG). For example, one-pair UTP 16 AWG speaker wire for my outside BOSE speakers is much la 
four-pair UTP 24-gauge running my network. 


Figure 1-16 shows a DB-60 to DB-25 serial cable used for WAN connectivity. 


Figure 1-16. EIA/TIA-232 Cable Assembly

Connectors Are Not to Scale


Part II, "Supporting IP and IPX," and Part III, "Supporting Ethernet, Switches, and VLANs," of this
the Physical Layer and Data Link Layer as they relate to LANs/WANs in more detail. In addition, yo
out the following cable sites on your own:


• www.cisco.com
• www.belden.com
• www.belkin.com
• www.stonewallcable.com
• www.amp.com


Now look at some practical application of the Physical Layer. Do you know when to use a straight-t 
compared to a crossover cable? Perhaps a better question is what is a crossover cable? A straight-t 
is wired pin 1 to 1, 2 to 2, 3 to 3, and 6 to 6. A crossover is 1 to 3 and 2 to 6; it crosses between a 
Generally speaking, unlike devices require a straight-through cable, whereas like devices require a 
cable. Repeat this rule to yourself as you review Table 1-15. As with any rule, exceptions apply. Th 
the cable documentation that comes with your switch or router. For example, a hub may have an u 
when in the normal position it requires a crossover cable to connect two devices together. When in 
position, the cross is already performed in the device hardware and a straight-through cable is app 
Many of the Cisco switch ports are designated with an X above the port or a media dependent inter 
(MDI/MDI-X) toggle and some are not. Connecting two devices with Xs normally means they are li 
you need which kind of cable? Check your answer in Table 1-15. 


Table 1-15. Do You Need a Straight-Through or Crossover Cable


Straight-Through (Unlike Devices)   Crossover (Like Devices)    Rollover        T1
1-1                                 1-3                         1-8             1-.
2-2                                 2-6                         2-7
3-3                                 3-1                         3-6
4-4                                 4-4                         4-5             2-.
5-5                                 5-5                         5-4
6-6                                 6-2                         6-3
7-7                                 7-7                         7-2
8-8                                 8-8                         8-1
PC to hub                           PC to PC (PC to server)     Console cable   T1
PC to switch                        Hub to hub
Switch to router                    Switch to switch
                                    Hub to switch[*]
                                    Router to router
                                    PC to router[*]


[*] Doesn't follow the general rule of like devices use crossover cable and unlike use straight-through cable. The
with an asterisk require a crossover.


The examples marked with an asterisk are exceptions to the general rule of like devices needing a 
cable and unlike requiring a straight-through cable. If you draw a line between Layer 2 and Layer : 
any device on the same side of the line uses crossover cables. 


NOTE 


I think of hubs and switches as Access Layer devices; because you use them to connect users,
cabling respect they are the same. I think of PCs and routers as being the same for cabling pu
because both can route using routing protocols. 


Wireless media is hot these days and is going to get hotter. It is great for places where wires aren 
(when you can't dig up the street because you don't have the right-of-way, for instance, or over a | 
where you choose not to lay cable or cable is just not feasible). It is becoming conveniently popula 
universities, and homes. Some examples follow. Infrared technologies enable you to transfer files « 
easily as you flip TV channels. Spread-spectrum radio is a cost-effective way to divide frequencies 
instead of leasing lines from the service providers. Encrypted full-duplex data is carried at a fractio 
Cellular digital packet data (CDPD) uses the network for data when not used for voice. Microwave i 
widespread. Take a trip to Maryland's NASA Goddard Space Flight Center sometime or check out tt 
Chincoteague Island, Virginia. New cars are coming out with what rental cars have had for some ti 
positioning systems (GPSs) are more popular than ever. If you are out on a boat, your latitude anc 


location is pretty significant to your whereabouts on the bay. 


Table 1-16 provides a concise yet comprehensive review of the OSI model. 


Table 1-16. The OSI Reference Model


Application (Layer 7) (User interface) (Services)
    Messages, data, packets
    Telnet, NFS, FTP, TFTP, HTTP, DNS, X.400, X.500, *RIP, *BGP, *DHCP
    Service advertisement; Service use; Name resolution (DNS)
    File, print, message, application, database, user interface, file transfer, e-mail

Presentation (Layer 6)
    ASCII, EBCDIC, JPEG, MIDI, MPEG

Session (Layer 5)
    NetBIOS, Sockets, RPC, LDAP, drive mappings
    Dialog; Session administration
    Simplex, half-duplex, full-duplex; Connection establishment/data transfer

Transport (Layer 4)
    *OSPF, *IGRP, *EIGRP, SPX, TCP, UDP
    Segment sequencing; Error/flow control (end-to-end); Guaranteed delivery

Network (Layer 3) (Path determination) (Routing)
    Datagrams, packets
    IP, *ARP, RARP, ICMP, IGMP
    Logical addressing; Address resolution (ARP); Switching, sequencing; Route discovery/selection; Connection services; Gateway services
    Unique IP/IPX (internal network number); Packet/message/circuit; Distance vector/link state; Static/dynamic; Flow/error/sequence control; Network Layer translation

Data Link (Layer 2) (Data packaging) (Encapsulation) (Carpenter/framer)
    Frames
    Ethernet, Token Ring, FDDI, Frame Relay, HDLC, SDLC, PPP, ISDN, LAPD
    LLC sublayer; Connection services; Logical topology; Media access; Synchronization; Physical addressing; MAC sublayer
    Logical link control; Asynchronous/synchronous/isochronous; Flow/error control; Organizes 0s and 1s into frames; Media Access Control; Bus/ring; Contention/token passing/polling; MAC address (physical device address)

Physical (Layer 1) (Coordinate rules for bit transmission)
    Bits (0s and 1s)
    UTP/Cat5E, HSSI, [illegible], fiber, wireless
    Connection types; Physical topology; Digital/analog signaling; Bit synchronization; Bandwidth use; Multiplexing
    Point-to-point/multipoint; Cable layout (bus, ring, star, mesh, cellular); Current state/transition; Asynchronous/synchronous; Baseband (TDM); broadband (FDM)

*Protocols and applications are written to perform functions. Analyze the layers by looking at protocol analyzer traces.

Routing in general is discussed in more detail with regard to Layer 3 (although many ride on TCP/UDP or contain
their own reliability mechanisms).


As you work through this book, you will encounter more detailed information and investigate speci: 
troubleshooting targets. At all times, remember that although it is certainly helpful to understand | 
work when you are shooting trouble, a methodical approach to troubleshooting is actually more im 


Troubleshooting by Layers 


You must train yourself to systematically analyze, resolve, and escalate problems. Troubleshooting 
is certainly one way to accomplish this. The OSI layers are built and stacked for a reason. For trout 
start at the Physical Layer and work your way up to the Application Layer. A layer problem will leac 
and a solution. It is pretty frustrating to just compare what works to what doesn't (the swap-til- yor 
approach), especially when you don't have anything left to swap. Use Table 1-17 to help you troub 
layers. 


Table 1-17. Troubleshooting by Layers


OSI Layer Number   OSI Layer Name   Basic Troubleshooting
7                  Application      Software problem in end system
6                  Presentation     Software problem in end system
5                  Session          Software problem in end system
                                    Host name (Sockets) or NetBIOS name issue
4                  Transport        Software problem in end system
                                    Cisco/UNIX Traceroute tests up to L4
3                  Network          Ping tests up to L3
                                    Microsoft Tracert tests up to L3
2                  Data Link        Ping tests up to and through L3
1                  Physical         Ping tests up to and through L3


The reality of it all is that the OSI layers are a good approach to discussing networking and interne 
technologies and provide a very good foundation from which to troubleshoot. Be aware, however, t 
not necessarily answer all interoperability issues. As you can see, many industry standards and prc 
and obviously there is a lot more to know. 


NOTE 


Perhaps the ISO should have included a Layer 0 for Power and Layers 8, 9, and 10 for Finance
and Religion. Should I dare say lowest bid wins again, many decisions are quite political in na
the methodology (religion) is because we have always done it that way? Although these layers
part of the ISO specifications, they do appear to be part of most practical environments (whet
anyone actually admits it or not). 


Many internetworking topics can be examined by reviewing the technical details of the OSI model. 
give you a taste of them in this chapter and to introduce the importance of troubleshooting by laye 
model examples have purposely been IP-related due to the practical application of the book, but tr
didn't have to be. I could have just as easily used another protocol stack.


The DoD TCP/IP Suite 


Other industry standard models, such as the DoD TCP/IP suite, provide a way to take a systematic 
troubleshooting. Table 1-18 compares the DoD TCP/IP suite with the OSI model.


Table 1-18. Comparing the ISO's OSI Model to the DoD's TCP/IP S


OSI Layer Number   OSI Layer Name   PDU                 DoD TCP/IP Su
7                  Application      Messages            Application
6                  Presentation     Messages
5                  Session          Messages
4                  Transport        Segments (TCP)      Transport
                                    Datagrams (UDP)     Host-to-host
3                  Network          Packets/datagrams   Internet
2                  Data Link        Frames              Data Link
1                  Physical         Bits                Physical


TCP/IP came from ARPANET. It is old, but definitely not outdated. Prior to the acceptance of the TC 
single-vendor solutions, such as IBM SNA and Novell IPX, prevailed. TCP/IP allows for heterogeneoa
systems, platforms, and hardware, hence open systems. Many vendors and resources discuss the 1 
using four layers (see Figure 1-17); however, the DoD standards call for five layers, dividing the N: 
Interface Layer into separate Physical and Link Layers (see Table 1-18). 


Figure 1-17. Upper, Host-to-Host, and Lower Layers


This model gives you more mnemonics from the bottom up: Never Ignore Teacher's Advice:


• Application
• Transport
• Internet
• Network Interface


Industry models enable you to take a layered approach to understanding technology and troublesh 
Cisco even recommends a layered approach to design. The Access Layer (user layer) is typically co 
low-end switches operating at 10/100 Mbps. The Distribution Layer (decision-making layer) is typic 
comprised of 100-Mbps routers, whereas the Core Layer is typically a 100/1000-Mbps backbone of
switches to switch packets as fast as possible from the source to the destination network. Knowing 
your network is a big part of troubleshooting. Compare the models once again in Figure 1-18 befor 
to the Cisco approach to troubleshooting. 


Figure 1-18. Compare the Models


As you work through the scenarios and Trouble Tickets throughout the rest of the book, and partict
you tackle problems in real life, it will become more and more apparent that you need an understa 
standards and protocols as well as systematic models and methods to effectively support your LAN 
The OSI model and TCP/IP suite certainly offer a layered approach to understanding and troublesh 
complex internetworks. However, there are many other approaches. As a matter of fact, Cisco offel 
approach of their own. Take the time to review the Cisco troubleshooting model. You can find it on 
Documentation CD-ROM or search at Cisco.com for "Internetwork Troubleshooting Guide, Troubles 
Overview" to find the Cisco approach to troubleshooting. 


The Cisco Troubleshooting Approach 


The Cisco approach to shooting trouble can be an effective way to troubleshoot, particularly if you : 
have a working method. This method is critical to the CCNP Support exam objectives, so you shoul 
1-19 very carefully. From a practical viewpoint, you do not need to change to the Cisco strategy if: 
troubleshooting method/model you have works. 


Figure 1-19. The Cisco Approach to Troubleshooting 
"Always undo any previous changes before you iterate the process or attempt your next plan of action."


The Cisco troubleshooting approach includes seven steps for resolving problems. (See Figure 1-19. 
define the problem. Next you gather facts and then consider possibilities based on those facts. This 
way of saying evaluate your alternatives. Create an action plan, which may be kind of an if-then-el 
Implement the plan, observe the results, and verify that you and everyone involved thinks you fixe 
at hand. If you did not fix the problem, be sure to undo any previous changes before you continue 
plan of action. If you have exhausted all your if-then-else courses of action in your action plan, you 
start at the top of the Cisco ladder to ensure you defined the right problem. Cisco suggests step se 
place to document the solution. However, documentation is very important at each step in this pro: 
indicated on Figure 1-19). I define some examples at each step in the following list. Use them to ay
method to your own environment and to work through the chapter Trouble Ticket. 


1. Define the problem. 


For example, an end user calls in and reports the network is down. You should identify the sy 
isolate the problem, and document the findings. 


2. Gather facts. 


Perform pertinent tests. For example, can you ping or trace? From the PC? From the router? C 


another application such as HTTP or FTP? Can you telnet to the port? 


Find out when it last worked, if it ever worked, and whether it is a recurring problem. What h. 
since it last worked? 


Determine how many people/devices are affected. Is it a local or remote issue? If you did an 
baseline up front, you have some comparison information. See the "Practical Troubleshooting 
more on baselining and documentation. 


Work as a team; collaborate with other engineers and colleagues. Contact users, network adr 
managers, and other key people. 


Use your tools. For example, network management systems (NMS) such as CiscoWorks or Cis 
(CIC) enable you to map your network and track changes. Take advantage of protocol analyz: 
from programs such as Sniffer or NetMon. Monitor syslog or other logs. Interpret Cisco show 
output and research Cisco.com and other sites and tools. Time and date stamps are valuable 
troubleshooting; Network Time Protocol (NTP) is free, so you should take advantage of it and 
clock while gathering facts. Answer the questions that help you identify which tool to use; ren 
different tools operate at different layers. 


NOTE 


Chapter 2, "What's in Your Tool Bag," covers tools relevant to the CCNP Support exam ob 
and the practical world of internetworking. 
The most important thing about this step is to determine what the "real" and "full" problem is 
Trouble Tickets based on user complaints, remember to consider the user's description of the 
light of the user's technical expertise and understanding. 


Document the findings. 

3. Consider possibilities (based on facts).

Brainstorm and narrow down the possibilities so that you can focus on what is relevant. Find | 
anyone else has tried to fix the problem. Just as you did in the fact-gathering step, work with
your team, not against them. 

Document the findings. More times than one I have been the victim of my own circumstance |
not document the relevant possibilities or make a checklist of what had and had not been con 
Documentation should be so good that someone should be able to immediately pick up where 
a Trouble Ticket. 

4. Create an action plan.

Determine what has to be done to fix the problem. Take a divide-and-conquer approach. List
cause first and plan to change only one variable at a time so that you know what change has 
Identify any special resource requirements. Prioritize possibilities so that you start with the m 
solution first. Who or what will be affected as a result of your action plan? 

Document the findings. 


5. Implement action plan.


Follow a step-by-step approach to carrying out the action plan. Change only one thing at a tin 
measure the results; always maintain a fallback plan. Make sure you don't make things worse 


additional problems. Documenting each step of the way and following your plan systematicall 
meticulously will assist with this. 


Limit the impact on others as required. For example, shops that work around the clock (7x24! 
likely to have a more stringent change process. 


Call or email TAC if you can't resolve a problem after putting it through the rigorous online tt 
gives you at Cisco.com. 


There's nothing worse than trying to troubleshoot more than one problem at a time—particulé 
embedded problem is something you have helped create! This is why you undo a plan when it 
solve the problem. 


Document the findings. 
6. Observe results. 


Determine whether you permanently solved the problem or whether you just implemented a t 
solution. 


Make sure the affected party/parties think you fixed the problem. Then document the results |
plan. If you did not fix the problem, go back and try the next item on your action plan. Alway: 
previous changes before you iterate the process or attempt your next plan of action. 


If you have not fixed the problem, consider taking time away from the problem; you might be 
back with a fresh perspective. Always have a backup plan. 


Document the findings. 
7. Document the solution. 


Document each step along the way and the final solution to improve overall expertise as you | 
internetwork. Many people forget this step. 


Whether manual or automated, maintain a database and change log for each piece of equipm 
example you should do things such as maintain version control, comment your configurations 
descriptions to your interfaces, and capture your logs for later review. Include change notes fi 
others in the configurations with remark, !, or # for comments. If you are capturing your log 
clock a couple of times to show when things happened. 


Record what you have done, have a fallback plan, and provide a history for yourself and othe 


Plan for people and equipment upgrades (future expansion). Emergency changes to fix proble 
thing, but planned changes should be coordinated properly to assess the risk, plan for the che 
communicate the change, implement the change, test the change, and document it. 


One of the major goals of the CIT course and the Support exam is to make sure you establish a me 
mindset for troubleshooting so that your network operates with a minimum amount of downtime. 1 
generic systematic approach is meticulous, disciplined, and optimistic. Any method that you are alr 
is probably fine for practical purposes, as long as you are sure it takes advantage of the benefits a
approach can bring. For exam purposes, however, be very familiar with the Cisco problem-solving 


NOTE 


Cisco offers another method called VISTA (View, Isolate, Solve, Test, Apply), which may be a
easier to recall in the real world of troubleshooting. Cisco's latest methodology says, "Define t 
problem, then Isolate, and Correct." 


The following Trouble Ticket gives you a chance to apply the Cisco model to a sample network prok 
objectives are twofold. I want you to troubleshoot a particular technology by applying the seven-st
troubleshooting approach presented earlier in this chapter. Figure 1-20 shows a graphic view of th:
Walk through the Trouble Ticket with me as I use the Cisco method to solve the problem and sumn
important technical concepts. 


Figure 1-20. Users Are Not Losers 


[Figure labels: 172.16.1.0/24, 172.16.2.0/24, 172.16.3.0/24, FTP, 172.16.4.0/24]


NOTE 


Even though the issue is not something previously discussed in the book, it is something you < 
familiar with in a Cisco environment. 


Trouble Ticket: Users Are Not Losers 


An end user (hosta) calls in and reports, "I can't get to the FTP server." 


This and Figure 1-20 are all the information you have been given, so you must brainstorm according


thoughts against the Trouble Ticket solution that follows. 


Trouble Ticket Solution: Users Are Not Losers 


1. Define the problem. 
hosta can't get to the FTP server, or at least that is what the user is telling you. 
2. Gather facts. 


Fact gathering requires you to ask lots of questions of users and devices and to collaborate w 
long as you are systematic and methodical, you can divide and conquer a bit while you are gé 
to eliminate checking everything. For example, hosta can't get to the FTP server. Instead of a 
many questions of the users, you can try a simple ping and tracert from hosta to both of the : 
network 172.16.3.0. If you can't ping, you know you must test for Physical, Data Link, and/or 
Layer issues between the source and destination networks. Perhaps you don't have a route to 
destination network; but if you can ping, you can move your testing above the Network Layer 
is a problem with a router in the path. Tracert (or traceroute) is helpful there. You should hav 
and documented facts such as the following: 


o hosta can ping hostb, its gateway 172.16.1.1, both devices on remote network 172.16.3 
everything on network 172.16.4.0. 


o hosta can tracert to all hosts on its local network and all remote networks shown in Figu 


o hosta and hostb on network 172.16.1.0 can't FTP to the FTP server on network 172.16.3 
remote hosts and routers can FTP to the FTP server on network 172.16.3.0. 


o You are not sure whether this ever worked because you don't have any other document 
3. Consider possibilities (based on facts). 


Narrow down the facts and possibilities so that you can focus on what is relevant. Your facts s 
you further define the original problem. The real issue is that hosta can't FTP to the FTP serve 
Because r1, r2, r3, and the hosts on network 172.16.4.0 can FTP, you know the issue is not w 
services on the server; instead the problem more likely involves the 172.16.1.0 network off o 
know that your problem is not a Physical or Data Link Layer issue because all pings are succe 


4. Create an action plan. 
Start with the most likely cause and change only one variable at a time. r1 is a very likely tar
everyone on the local 172.16.1.0 network is affected. Your action plan should include further
of r1. Save your configurations and write down every step you intend to perform. The Cisco I¢
access-lists command is by far the most relevant here. 


5. Implement action plan. 


The show access-lists command reveals the following on r1:


r1#sh access-lists
Extended IP access list ftp
    deny tcp any any (16 matches)
    permit icmp any any (4 matches)
    permit tcp any 0.0.0.0 255.255.0.0 eq ftp-data
    permit tcp any 0.0.0.0 255.255.0.0 eq ftp


The access list is the reason hosta can't FTP to the server. After you found the access list, you 
that it was applied outbound on interface s0 by examining the running configuration. You veri
typing show ip interface s0, and sure enough the FTP access list was applied outbound.


Your analysis requires that you further define your action plan. You may temporarily decide tc 
statement off the interface so that the access list is not applied (no ip access-group ftp out 
allows hosta to FTP, you should fix the access list for a more permanent solution. You should : 
interface down until all changes have been made. Note that the access list denies all TCP com 
from anywhere to anywhere outbound. Your pings should succeed because of the ICMP staten 
the two permit tcp statements don't accomplish a thing because they use the subnet mask ri 
necessary wildcard mask. In this example, it is probably easiest to completely remove the old 
and create another one. You may need to go back to the top of the Cisco troubleshooting ladc 
to gather more facts to determine exactly what the access list should do. Assume you did that 
hostb, and any other hosts except host 172.16.1.13 added to network 172.16.1.0 should be a 
172.16.3.13. Although host 172.16.1.13 should not be able to FTP, all other IP-related comm
be allowed. You also want to determine whether host 172.16.1.13 ever attempts to FTP to the 
Your new action plan should attempt to create and apply the following access list on r1: 


r1(config)#ip access-list extended ftp
r1(config-ext-nacl)#deny tcp host 172.16.1.13 host 172.16.3.13 eq 20
r1(config-ext-nacl)#deny tcp host 172.16.1.13 host 172.16.3.13 eq 21
r1(config-ext-nacl)#permit ip any any
r1(config-ext-nacl)#interface serial 0
r1(config-if)#ip access-group ftp out
r1(config-if)#end
r1#copy running-config startup-config


6. Observe results.

Test your new access list by making sure that hosta and hostb can ping and FTP to the FTP se 
possible, add host 172.16.1.13 to ensure that it can't FTP to the FTP server; it should, howeve 
ping and tracert. It is critical to make sure you fixed the problem at hand and did not introdu: 
In addition, everyone must be content with your solution; otherwise it is still a problem. Make 
save your configurations and document the findings. Now that things are working, you may c 
revisiting your action plan. Alternatively, you could place this ACL inbound on interface e0 to 
closer to the source. 

7. Document the solution.


Document all changes and your new configurations. 


r1#show access-lists
Extended IP access list ftp
    deny tcp host 172.16.1.13 host 172.16.3.13 eq ftp-data
    deny tcp host 172.16.1.13 host 172.16.3.13 eq ftp
    permit ip any any
r1#show ip interface serial 0
Serial0 is up, line protocol is up
  Internet address is 172.16.2.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10
  Outgoing access list is ftp
  Inbound access list is not set
  Proxy ARP is enabled


This Trouble Ticket has provided you with the opportunity to practice solving a problem using the C€ 
step approach and to review the following about access lists: 


• When coding your ACLs, use top-down processing. Place the more specific items at the top an
items at the bottom. Don't rely on a particular version of the IOS to order things for you.

• At least one permit statement is required; otherwise the implicit default of deny any any ap

• Wildcard masks are used in ACLs. They predate subnet masks. Many people write a 0 with a|
anyhow, so just draw a checkmark over it so that you remember that 0 means check. Think o
dot above it so it looks more like the letter i, for ignore. For example, 172.16.1.13 0.0.0.0 me
bits if this statement is in the ACL. Instead of spelling out the 0.0.0.0, I used the keyword ho:
revised access list. By the same token, 172.16.0.0 0.0.255.255 implies to check the first 16 b
the last 16. 172.16.0.0 255.255.255.255 is the same as ignore all bits or the keyword any; a
being permit ip any any, which says permit all IP traffic from anywhere to anywhere.

• An ACL will not block traffic originating from the router. You observed this when you could FT
172.16.3.13 but not from hosta, where you had to go through the affected router.

• Named ACLs enable you to remove individual lines of code; although in this example, it was j
delete it and start again.

• To delete an ACL, it is best practice to type no in front of the lines to create and apply the ACL
of any version inconsistencies. An empty ACL that is applied to an interface used to deny ever
permits everything. Just don't apply an empty ACL. Always create before you apply and use tl
tools for editing because you can't add or delete lines within the ACL in the Cisco command-li
(CLI). However, you can delete lines within a named ACL.

• When troubleshooting ACLs, use debug and log; matches are also helpful. For example, the
how you can determine whether the host you wanted to deny ever attempts to FTP anyhow.

• Although not apparent in this example, you should not have problems modifying an outbound
remotely. However, you could potentially lock yourself out of the router with an inbound.

• Remember, one ACL per protocol, per interface, per direction. This would have been an issue
not have temporarily issued the no ip access-group statement so that the incorrect ACL was

• Now that you have gone through the entire exercise and technically solved the implied proble
probably should have asked yourself whether the user was supposed to have access to the FT
aware of any policies in place outside the actual configuration of networking equipment. This
of your "gathering facts" step.
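The top-down, first-match processing and the wildcard-mask rule reviewed above can be checked offline. The following Python sketch is an added example, not code from the book: it evaluates the two access lists from the Trouble Ticket against test packets. The function names are hypothetical, hosta's address (172.16.1.11) is an assumption because the page does not give it, and only the entry forms that appear on the page (any, host, address plus wildcard, eq) are handled.

```python
import ipaddress

PORT_NAMES = {"ftp-data": 20, "ftp": 21}  # IOS port keywords used on the page

# The two access lists from the Trouble Ticket, as shown by show access-lists.
BROKEN_ACL = """
deny tcp any any
permit icmp any any
permit tcp any 0.0.0.0 255.255.0.0 eq ftp-data
permit tcp any 0.0.0.0 255.255.0.0 eq ftp
"""
FIXED_ACL = """
deny tcp host 172.16.1.13 host 172.16.3.13 eq 20
deny tcp host 172.16.1.13 host 172.16.3.13 eq 21
permit ip any any
"""
HOSTA = "172.16.1.11"        # assumed address for hosta (not given on the page)
DENIED_HOST = "172.16.1.13"  # the one host that must not FTP
FTP_SERVER = "172.16.3.13"


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(packet_ip, ace_ip, wildcard):
    """Wildcard bit 0 = check this bit, 1 = ignore it (the inverse of a subnet mask)."""
    check_bits = ~wildcard & 0xFFFFFFFF
    return (packet_ip ^ ace_ip) & check_bits == 0


def _take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_to_int(tokens.pop(0)), 0
    return ip_to_int(first), ip_to_int(tokens.pop(0))


def parse_acl(text):
    """Parse 'permit|deny proto src dst [eq port]' lines into ordered entries."""
    acl = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        ace = {"text": " ".join(tokens), "matches": 0, "port": None}
        ace["action"] = tokens.pop(0)
        ace["proto"] = tokens.pop(0)
        ace["src"] = _take_address(tokens)
        ace["dst"] = _take_address(tokens)
        if tokens[:1] == ["eq"]:
            ace["port"] = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        acl.append(ace)
    return acl


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching line); the first match wins, then the implicit deny."""
    src_i, dst_i = ip_to_int(src), ip_to_int(dst)
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src_i, *ace["src"]):
            continue
        if not wildcard_match(dst_i, *ace["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        ace["matches"] += 1  # mirrors the "(n matches)" counter in show access-lists
        return ace["action"], ace["text"]
    return "deny", "implicit deny any any"


if __name__ == "__main__":
    tests = (("icmp", HOSTA, None), ("tcp", HOSTA, 21), ("tcp", DENIED_HOST, 21))
    for name, text in (("broken", BROKEN_ACL), ("fixed", FIXED_ACL)):
        acl = parse_acl(text)
        for proto, src, port in tests:
            print(name, proto, src, port, "->", evaluate(acl, proto, src, FTP_SERVER, port))
        for ace in acl:
            print("   ", ace["text"], "(%d matches)" % ace["matches"])
```

Dropping the first line of the broken list and re-running shows that the two permit tcp lines still never match 172.16.3.13: with 0.0.0.0 255.255.0.0 the router checks only the last 16 bits and requires them to be zero.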


Practical Troubleshooting 


One day you will get a call that says the network is down. Be very prepared to divide and 
conquer to get to the real problem. Work through the affected layers. Remember that shooting 
trouble is often about questions. Do you ask the equipment or the user? Who is waiting for the 
results? What has happened? When did it occur? Why? Where did it happen? Plug it in; turn it 
on. Make sure you have lights and power. Did it ever work? What has changed since it last 
worked? Check the obvious. Who is complaining? Is it an end-system issue? Check the 
application and configuration if it is an individual person or machine. Is it a group of people or 
machines? Check connectivity and performance. Run through the OSI layers; remember ping 
and trace; check the routing tables. Is it a local segment issue or does it extend through routers? 
Is a bad NIC, cable, or device causing performance degradation? Ping yourself, ping someone
local, ping the default gateway, or start by pinging a remote network to test all of these. Trace 
the problem. What is slow: cabling, link, devices? Do you have a baseline comparison? Use ping, 
trace, a protocol analyzer, and other tools on an ongoing basis. Did someone else try to fix the 
problem? Never be too proud to ask for help. 


Actually it is quite helpful to have people with different backgrounds on your team, whether it be 
in a test lab or practical environment. You must be able to prioritize problem areas and people 
for that matter. Normally if the CEO has a problem, you take care of it immediately; if everyone 
else in the company is down, however, obviously they take precedence (one of those 8, 9, 10 
layer things—finance, politics, and religion). Modern day prioritization says let the CEO wait so 
that when you ask for more people or resources the CEO recognizes the need. 


Models and Methods 


I would like to credit my REDI model source, but it is something I learned about in college while
at Johns Hopkins. I think it came from a systems design or database textbook. In any case, the
REDI model gives me a systematic mindset for whatever I am doing. It is quite effective yet easy
to remember. The basic tenets of the REDI model are as follows:


• Define Your Requirements
• Evaluate the Alternatives
• Design and Develop
• Implement (and then do it all over again)


If the design and development work is done, you are probably troubleshooting or starting the life
cycle all over again. Whether it is taking a certification test, a new consulting gig, or applying for
a job, taking a structured approach and documenting appropriately are of utmost importance.


Baselining and Documentation 


Baselining and documentation are crucial to your long-term success with internetwork
troubleshooting. This is not just theory; if you don't know what is normal, how do you know
where to begin with troubleshooting? What if you get the call saying the network is slow? Slow
compared to what? Did you collect any data when the network was installed and running
properly, do you audit it from time to time, or have you just taken the put-out-the-fire approach
to network management? You should know what information to collect, how to store it, and who
is affected by what. Utilization (CPU and bandwidth); memory; error statistics; protocol
distribution; traffic statistics; changes in hardware, software, and configuration; and past
troubleshooting documentation are all important aspects for troubleshooting. Track patterns and
trends. When you find out who or what is affected, time of day, day of week, and month of year,
you can compare this to your baseline.


In the form of pictures, charts, maps, tables, and databases, your baseline should include items 
such as the following: 


Model number                Serial number
RAM/Flash memory            IOS version
Config-register settings    Interface statistics
Bandwidth/speed             Clocking
Encapsulation               Duplex
Descriptions                Addresses
Passwords                   Spanning-tree portfast
VLANs                       Routed protocols
Routing protocols           Bridged protocols


In practical application, other things that are valuable to document include the detailed location 
of equipment (down to the country, state, city, building, wiring closet, rack, and position). Store 
this information in a log book, on your network, or your personal digital assistant (PDA) for that 
matter. 


From a practical viewpoint, pictures are wonderful resources. Physical layouts, logical maps, lists 
of protocols (routed, bridged, and routing including redistribution and filtering) can aid you in 
the process. Include your Internet connections, addressing plans, DHCP, NAT, security plans, 
and application implementations in your diagrams. What is normal for you may not be what is 
normal for the next person, so documentation and diagrams are invaluable. Change is truly the 
only thing constant in this industry—software, hardware, and configuration. Doctors keep 
records on your children from the time they are born throughout their life, documenting such 
things as shots, diseases, symptoms, cures, operations, and so on. Do the same for your 
network. The answer to your problem will be easier to find if it happened before and you 
documented it in a database of some kind. 


Practical troubleshooting is all about taking the previous methods and models and applying them
to the real world. Regardless of the model/method you follow, if you take a systematic approach
you will be able to narrow the problem down. Amateurs and pros alike should be able to analyze
new and complex problems with an effective strategy. It is not necessary to be a know-it-all to
be an effective troubleshooter. A successful troubleshooter is a logical thinker with common
sense and people skills. Divide and conquer as you did with the access list Trouble Ticket;
narrow possibilities down by the layers. Analyze and resolve. If you can't, escalate the issue to
the team that can.


An unsystematic approach is time-consuming and costly. This concept is stressed on the CCNP
Troubleshooting exam, CCIE exams, and CCSI exams. Troubleshooting models and methods
help reduce a large set of causes to a smaller set of causes or, better yet, a single cause. Then
you can solve the problem and document it for future reference to help mitigate the pressures of
supporting critical complex internetworks. Remember, however, that vendor interoperability is
far less smooth than theory models pretend it to be.


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1: The Transport Layer is the host-to-host layer in the OSI model and the TCP/IP suite. 
It is in-between the upper and lower layers and depending on the protocol is 
responsible for delivery, error detection, and correction. Describe the upper layers of 
the OSI model and include examples. 


2: Describe the lower layers of the OSI model and include examples.


3: Draw a picture showing the differences between OSI layers and TCP/IP layers. 
4: Explain encapsulation using the appropriate protocol data unit terminology. 
5: Explain de-encapsulation, including how Layer 2 hands off to Layer 3, how Layer 3 
hands off to Layer 4, and so on. 
6: What is the difference between a hub, switch, and router? 
7: What is the difference between routed and routing protocols? Give examples of each. 
8: Describe packet flows through routers. 
9: How can the OSI model assist in troubleshooting? 
10: List the seven steps of the Cisco troubleshooting model.


Summary 


This chapter presented an introduction to troubleshooting, a review of standards and protocols, 
industry models, troubleshooting methods, baselining, and documentation techniques. The 
chapter covered the OSI model and included information on how an understanding of that model 
can aid you in the troubleshooting process. The DoD TCP/IP suite was also covered and 
compared to the OSI model. The Trouble Ticket offered you an opportunity to apply the Cisco 
troubleshooting method and other techniques you learned in this chapter. Now that you have 
reviewed and studied a systematic approach to troubleshooting, you should determine whether 
you really have the right tools for the job. 


Chapter 2. What's in Your Tool Bag? 


One of your objectives thus far is for you to shoot trouble rather than let trouble shoot you. 
When confronted with network problems, it is of utmost importance for you to define the 
problem, gather facts, and consider various possibilities based on those facts. The connection 
may not be possible, for example, or perhaps the data transfer is just slow. Higher-level
processes may provide error-checking issues, retransmission problems, routed and routing
protocol issues, and other problems. Lower-level data-link targets are basically interfaces and
controllers. This chapter reviews the output of some basic IOS commands to assist you in
identifying troubleshooting targets and to prove this bottom-up troubleshooting theory before
you adventure into the detailed troubleshooting Trouble Ticket-based chapters to follow. 


This chapter focuses on many of the CCNP Troubleshooting objectives and is just as critical to 
your overall certification and practical success as the preceding chapter. This chapter specifically 
addresses what you need in your tool bag for Cisco troubleshooting. The chapter starts by 
reviewing IOS commands and goes on to discuss other hardware- and software-related tools you
need in your bag. 


This chapter covers the following topics: 


• IOS Troubleshooting Tools
• Cisco Connection Online
• Project DOTU
• Network Management
• Hardware Tools and Media Testers
• Network Monitors
• Protocol Analyzers
• Desktop Tools


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table 1-1 in the Introduction. 


IOS Troubleshooting Tools 


Cisco is more than just a hardware company. Cisco IOS provides you with powerful diagnostic
programs such as show, ping, trace, log, and debug commands. Mastering them is important 
because some of these can be simple tools that can still save you a great deal of time. 


Table 2-1 and the following sections review some basic IOS troubleshooting tools. The objectives
here are to review the output and summarize the importance of the commands so that you can put 
them to practical use. Many times it is advantageous if you can physically inspect the hardware, su 
as the equipment, cables, and connectors; but maybe you can't. Lots of times you are remote to th 
problem, depending on your scenario, so it is critical to know the tools innate to the IOS to assist 
you. 


NOTE 


Review Chapter 1, "Shooting Trouble," to make sure you have an understanding of protocol
technical characteristics and a systematic method for troubleshooting. 


Table 2-1. IOS Troubleshooting Tools


Cisco Command   Description
show            A snapshot of what is occurring to monitor status. The show commands enable you
                to detect neighbors, spot performance issues, and isolate problems.
ping            Determine end-to-end connectivity and reachability.
traceroute      Hop-by-hop approach to finding the problem.
log             Monitor and view messages that record real-time events, such as errors, warnings,
                and state transitions.
debug           Use for troubleshooting traffic flow or misconfigurations; not for normal daily
                operations.


Cisco Show Commands 


Cisco show commands give a snapshot of what is occurring to monitor status, detect neighbors, sp 
performance issues, and isolate problems. This discussion covers several show commands to prepa 
you for the chapter practical exercise, various Trouble Tickets throughout the book, and for your 
overall real-world troubleshooting needs. Feel free to use the question mark (?) for help or more 
detail. Be aware that show ? yields different results according to whether you are in user mode or 
privileged (enable) mode. In addition, you can use show cdp ? to display the optional keywords 
available with that particular command. 


NOTE 


The following examples and screen shots were captured with little or no traffic, but are 
some of the commands you should use to set up a baseline. Any time you see ... I have cut
part of the output. 


Use show controllers for Ethernet, Token Ring, FDDI, or T1 to see DTE/DCE, clocking, bandwidth,
and to determine whether the cable is plugged in properly. Narrow the command output by
specifying an interface, such as s0. Remember, however, to put a space between the s and the 0.
This is the only IOS command I can think of where you must put the space (but, in fact, this is an
IOS release-dependent behavior). Examples 2-1 through 2-3 show the output of show controller:
serial 0. 


Example 2-1. show controllers on DCE End with serial 0 Up and Running


r2>show controllers serial 0
HD unit 0, idb = 0xDFE7C, driver structure at 0xE52F8
buffer size 1524  HD unit 0, V.35 DCE cable, clockrate 64000


The shaded line emphasizes the V.35 DCE cable with a clock rate of 64000. The DCE end of a seria 
line always provides clocking (timing synchronization). Normally you receive the clock from the 
service provider, but in a lab scenario a back-to-back 60-pin serial cable is used (in which the DCE 
end requires the clock rate command). You can order these cables for your lab from such places a 
Ebay.com or Stonewallcable.com. Search for "cable assemblies and pinouts" on Cisco.com for a 
picture of the DB60 60-pin, male, back-to-back EIA-530 type used for the practical examples in thi
book. 


Example 2-2 shows what happens when you unplug the cable. If you can, set up two routers of you 
own with the back-to-back serial cable and give it a try. 


Example 2-2. show controllers and show interfaces with serial 0 Unplugged


r2#
00:59:36: %LINK-3-UPDOWN: Interface Serial0, changed state to down
00:59:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
r2#show controllers serial 0
HD unit 0, idb = 0xDFE7C, driver structure at 0xE52F8
buffer size 1524  HD unit 0, No cable, clockrate 64000
r2#show interfaces serial 0
Serial0 is down, line protocol is down
  Hardware is HD64570
  Description: r2 s0 DCE to r1 s0 DTE
  Internet address is 192.168.2.2/24
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:03:31, output 00:03:35, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/2/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     390 packets input, 22659 bytes, 0 no buffer
     Received 367 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     389 packets output, 23296 bytes, 0 underruns
     0 output errors, 0 collisions, 26 interface resets
     0 output buffer failures, 0 output buffers swapped out
     7 carrier transitions
     DCD=down  DSR=down  DTR=down  RTS=down  CTS=down
r2#
01:06:38: %LINK-3-UPDOWN: Interface Serial0, changed state to up
01:06:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up


The show controllers output "No cable" on r2 indicates that the cable is unplugged. Hence, the
status of serial 0 in Example 2-2 is that s0 is down and the line protocol is down. Notice the last
couple of lines of the display for show interfaces serial 0. These indicate carrier transitions; all
modem control leads are down, too. This is obviously a Layer 1 issue. Now plug the cable back in
and take a look at the DTE end on r1 in Example 2-3.


Example 2-3. show controllers on DTE End with serial 0 Up and Running 


r1>show controllers serial 0
HD unit 0, idb = 0xFC1A8, driver structure at 0x101628
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0xE2, eda = 0x4064, cda = 0x4078
RX ring with 16 entries at 0xE24000
00 bd_ptr=0x4000 pak=0x104A60 ds=0xE2F240 status=80 pak_size=45
01 bd_ptr=0x4014 pak=0x103E60 ds=0xE2C9D8 status=80 pak_size=45
r1>


It is often difficult to discuss one IOS command without mentioning another. For example, it is
almost impossible to discuss the show controllers command without mentioning the show
interfaces command because they are both very important lower-level troubleshooting target
commands.


The show interfaces command shows the statistics for all the Ethernet, Token Ring, FDDI, ATM,
BRI, PRI, High-Speed Serial Interface (HSSI), or serial interfaces on a particular box. However, it is
normally more helpful to clear the counters and look at just a particular interface to hone in on the
problem. The clear counters command resets the counters, enabling you to look at the interface
from a certain time forward; however, it does not reset things such as Simple Network Management
Protocol (SNMP) parameters. Example 2-4 illustrates these interface commands.


Example 2-4. show interfaces and clear counters 


r2>show interfaces
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0000.0c38.a05d (bia 0000.0c38.a05d)
Description: r2 e0 to HostC Win98Dell
Internet address is 192.168.3.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:04:22, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
15 packets input, 3026 bytes, 0 no buffer
Received 10 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
554 packets output, 55751 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0 is up, line protocol is up
r2#clear counters
Clear "show interface" counters on all interfaces [confirm]
r2#
01:22:56: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
r2#show interfaces ethernet 0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0000.0c38.a05d (bia 0000.0c38.a05d)
Description: r2 e0 to HostC Win98Dell
Internet address is 192.168.3.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:43, output 00:00:04, output hang never
Last clearing of "show interface" counters 00:00:19
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
2 packets output, 120 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
r2>


Example 2-4 displays clear counters and has me confirm that I want to clear the counters on all
interfaces. From a troubleshooting perspective, it is advantageous to clear only the affected interface
counters. Also note the description section in Example 2-4. The description command is an optional
interface command that is extremely helpful for troubleshooting. A good example would be to type
description fa2/0 to headquarters fal1/2 room 101. The description is like naming the port; it is
all part of good documentation techniques that successful troubleshooters need.


Example 2-5 shows the show ip interface brief command output. It is not just an IP command; it
also works for other Layer 3 protocols. It gives you a glimpse of the status of your interfaces and
addresses. Although this command may suit your requirements when you don't need to see all that
other stuff, be aware that this output doesn't even show you subnet mask details, which you often
need to see in troubleshooting scenarios.


Example 2-5. show ip interface brief 


r2>show ip interface brief
Interface    IP-Address     OK? Method Status                Protocol
Ethernet0    192.168.3.1    YES manual up                    up
Serial0      192.168.2.2    YES manual up                    up
Serial1      unassigned     YES unset  administratively down down
r2>


"Administratively down" always indicates that you need to perform the no shut command on the
interface; in Example 2-5 I am really not using s1, however, so it is not a worry here. In general, the
Status column indicates the Layer 1 status, and the Protocol column indicates the Layer 2 status.


Two other interface commands are show interfaces ethernet 0 and show ip interface ethernet 0.
Although these look similar, they differ significantly. (See Example 2-6.) The show ip interface
ethernet 0 command displays the IP settings and defaults, whereas show interfaces ethernet 0 (or
any other type of interface, for that matter) shows statistics for packets that go to, through, or are
generated by the router. When checking to determine whether an access list has been applied on the
interface, type show ip interface ethernet 0. If, on the other hand, you are looking for interface
errors, show interfaces ethernet 0 offers more help.


Example 2-6. show ip interface ethernet 0 Compared to show interfaces ethernet 0


r2>show ip interface e0
Ethernet0 is up, line protocol is up
Internet address is 192.168.3.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
Web Cache Redirect is disabled
BGP Policy Mapping is disabled
r2>show interfaces e0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0000.0c38.a05d (bia 0000.0c38.a05d)
Description: r2 e0 to HostC Win98Dell1
Internet address is 192.168.3.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:45, output 00:00:04, output hang never
Last clearing of "show interface" counters 00:22:51
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3 packets input, 750 bytes, 0 no buffer
Received 3 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
160 packets output, 15281 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out


r2> 
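
The Status and Protocol states, error counters, interface resets, carrier transitions, and modem control leads read by eye in Examples 2-2 through 2-6 can also be checked by script over captured show interfaces output. The following Python is an added example, not from the book; the sample text is constructed (abridged from the values in Examples 2-2 and 2-4), and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the values shown in Examples 2-2 and 2-4.
SAMPLE = """\
Serial0 is down, line protocol is down
  Hardware is HD64570
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     389 packets output, 23296 bytes, 0 underruns
     0 output errors, 0 collisions, 26 interface resets
     7 carrier transitions
     DCD=down  DSR=down  DTR=down  RTS=down  CTS=down
Ethernet0 is up, line protocol is up
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     2 packets output, 120 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
Serial1 is administratively down, line protocol is down
"""

# "<name> is <status>, line protocol is <protocol>" starts each interface block.
HEADER = re.compile(
    r"^(\S+) is (administratively down|up|down), line protocol is (up|down)"
)
# Counters that point at Layer 1 / Layer 2 trouble when they are non-zero.
COUNTER = re.compile(
    r"(\d+) (input errors|CRC|frame|overrun|ignored|abort|underruns|"
    r"output errors|collisions|interface resets|carrier transitions)\b"
)
# Modem control leads printed on the last line of a serial interface.
LEAD = re.compile(r"\b(DCD|DSR|DTR|RTS|CTS)=(up|down)")


def parse_show_interfaces(text):
    """Split show interfaces output into one record per interface."""
    interfaces = {}
    current = None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = {
                "status": header.group(2),      # Layer 1 view
                "protocol": header.group(3),    # Layer 2 view
                "counters": {},
                "leads": {},
            }
            interfaces[header.group(1)] = current
            continue
        if current is None:
            continue  # text before the first interface header
        for value, name in COUNTER.findall(line):
            current["counters"][name] = int(value)
        for lead, state in LEAD.findall(line):
            current["leads"][lead] = state
    return interfaces


def assess(iface):
    """Return a list of findings for one parsed interface record."""
    findings = []
    if iface["status"] == "administratively down":
        return ["administratively down: issue no shutdown on the interface"]
    if iface["status"] == "down":
        findings.append("Layer 1: interface is down")
        leads = iface["leads"]
        if leads and all(state == "down" for state in leads.values()):
            findings.append("Layer 1: all modem control leads down, check the cable")
    elif iface["protocol"] == "down":
        findings.append("Layer 2: line protocol is down, check encapsulation")
    for name, value in iface["counters"].items():
        if value > 0:
            findings.append(f"{name}: {value} since counters were last cleared")
    return findings


if __name__ == "__main__":
    for name, record in parse_show_interfaces(SAMPLE).items():
        print(name, assess(record) or "no findings")
```

Counters accumulate from the last clear counters, so a non-zero value is only meaningful alongside the "Last clearing" time in the same output.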


Look for lights (LEDs) to help troubleshoot Layer 1 problems, and check things such as
encapsulation, input and output drops and errors, carrier transitions, and interface resets to assist
with Layer 1 and Layer 2 issues. IOS interface and controller commands prove quite helpful in this
respect. You will examine more specifics in the chapters to come. For now, turn your attention to
Cisco Discovery Protocol (CDP).

The show cdp neighbors [detail] command shows only directly connected Cisco devices because it
is a Layer 2 proprietary protocol. However, you can telnet to other devices and use show cdp ?
from there to draw a physical map of your Cisco devices. Like many of the other IOS commands, cdp
even works from user mode to give you information for ports, holdtime, device and capabilities
codes, and so on. In addition, you can use clear cdp rather than wait the three minutes for it to
completely disappear, if necessary. CDP sends and receives neighbor advertisements over multicast
address 01-00-0c-cc-cc-cc. It uses a proprietary High-Level Data Link Control (HDLC) type value, and
it must run on media that supports the Subnetwork Access Protocol (SNAP) format.


Example 2-7 illustrates show cdp neighbors with and without the optional detail keyword. 


Example 2-7. show cdp neighbors [detail] 


r2>show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID    Local Intrfce    Holdtme    Capability    Platform    Port ID
r1           Ser 0            178        R             2516        Ser 0
r2>show cdp neighbors detail
Device ID: r1
Entry address(es):
IP address: 192.168.2.1
Platform: cisco 2516, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 168 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(5), RELEASE SOFTWARE (fc1)


Notice the holdtime parameter in the preceding example and how it changed from 178 to 168. This
is how long you remember CDP parameters from your neighbor. Use show cdp as in Example 2-8 to
check the defaults of 180 seconds for the holdtime, which is 3 times the advertising interval of 60
seconds. Interestingly enough, if you turn off CDP on your router interface, it still learns about other
neighbors in its CDP table, but doesn't forward its own information.


Example 2-8. show cdp Defaults 


r2>show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds


Review show cdp neighbors and show cdp neighbors detail output until you are very
comfortable with them, or better yet until you can draw a complete map of your environment. Look back
at Example 2-7 once more. show cdp neighbors shows the local interface and the remote port ID.
show cdp neighbors detail shows the local interface as port ID and the remote interface as
outgoing port.


NOTE 


In troubleshooting CDP, look for lines such as no cdp run (global) or no cdp enable
(interface) in your configurations. Also, IP unnumbered does not pass your IP information
through CDP.


Although many problems are physical in nature, if the lower layers check out you must move up to
protocol connections as troubleshooting targets. Some examples include routing processes, switching
processes, routing protocols, routed protocols, and so on.


You certainly can start with show ip route, assuming you are using IP as a routed protocol, to see
whether you have a route to your destination network. However, do not underestimate the power of
show protocols and show ip protocols (see Example 2-9).


Example 2-9. show protocols and show ip protocols 


r2>show protocols
Global values:
Internet Protocol routing is enabled
Ethernet0 is up, line protocol is up
Internet address is 192.168.3.1/24
Serial0 is up, line protocol is up
Internet address is 192.168.2.2/24
Serial1 is administratively down, line protocol is down
r2>show ip protocols
r2>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

C 192.168.2.0/24 is directly connected, Serial0
C 192.168.3.0/24 is directly connected, Ethernet0
r2>


Example 2-9 certainly illustrates that IP routing is enabled by default, but it is possible for someone
to issue no ip routing. To re-enable the IP routing process, use the global command ip routing. To
enable IPX routing, you must issue ipx routing.


Perhaps you have figured out by now that in Example 2-9 both show ip protocols and show ip 
route indicate that no routing protocols are turned on. 


If you are following along with me in your own practical lab, you can take a look at Figure 2-1 for a
picture of my test lab that I plan to build upon throughout this book. Although I am using a 2516
and 2501 for the examples in this chapter, you can certainly use any router that has at least one
Ethernet and one serial interface. Take a look at Cisco.com to get a list of routers that meet these
criteria.


Figure 2-1. Chapter 2 Scenario

[Figure: Network 1 (192.168.1.0/24), Network 2 (192.168.2.0/24), Network 3 (192.168.3.0/24)]


Next I configure RIP on r1 and r2 to allow r1 to reach the far side of r2 and vice versa. Example 2-10
shows the configuration, and Example 2-11 shows the testing.


Example 2-10. Adding a Routing Protocol to r1 and r2


r1(config)#router rip
r1(config-router)#network 192.168.1.0
r1(config-router)#network 192.168.2.0
r1(config-router)#end
r2(config)#router rip
r2(config-router)#network 192.168.2.0
r2(config-router)#network 192.168.3.0
r2(config-router)#end
r2#


Example 2-11. Testing the Routing Protocol 


r2#show protocols
Global values:
Internet Protocol routing is enabled
Ethernet0 is up, line protocol is up
Internet address is 192.168.3.1/24
Serial0 is up, line protocol is up
Internet address is 192.168.2.2/24
Serial1 is administratively down, line protocol is down
r2#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 20 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface    Send  Recv  Key-chain
Ethernet0    1     1 2
Serial0      1     1 2
Routing for Networks:
192.168.2.0
192.168.3.0
Routing Information Sources:
Gateway        Distance    Last Update
192.168.2.1    120         00:00:25
Distance: (default is 120)
r2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR

Gateway of last resort is not set

R 192.168.1.0/24 [120/11] via 192.168.2.1, 00:00:11, Serial0
C 192.168.2.0/24 is directly connected, Serial0
C 192.168.3.0/24 is directly connected, Ethernet0
r2#exit
r2>ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms


show protocols indicates that the IP routing process (routed protocol) is enabled as well as the
interface address and status. show ip protocols identifies exactly which routing protocols are
running and what networks are advertised. The routing table now contains the missing Network 1,
and the user ping output in Example 2-11 confirms that r2 can now reach the far side of r1.


NOTE


When changes are made with routes, it is often helpful to issue the clear ip route
command to clear a particular route and force the network to converge. In a lab
environment, I tend to not worry about specifics and just type clear ip route *, but this is
definitely one of those possible career-limiting moves (CLMs) in the practical world. Best
practice is to replace the * with a specific network address to clear an individual route.


Recall from Chapter 1 and from your own networks that on broadcast media, an Address Resolution
Protocol (ARP) packet is broadcast (local broadcast) to resolve the destination IP address (Layer 3)
to its corresponding MAC address (Layer 2). If the destination host is on the same subnet, the MAC
is the destination host's address. If the destination host is on a different subnet, the resulting
resolution is generally the default gateway (local router interface) MAC address. The output in
Example 2-12 shows the MAC address of interface Ethernet 0 on my r2 router, which I verified with
show ip interface ethernet 0. The other address in the ARP table is the host MAC address for
192.168.3.5, because it is on the local Ethernet segment of the r2 router. There is no difference
between show arp and show ip arp in the example because IP is the only routed protocol currently
running.


Example 2-12. show arp and show ip arp 


r2>ping 192.168.3.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.5, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
r2>ping 192.168.3.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2>show arp
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  192.168.3.1  -          0000.0c38.a05d  ARPA  Ethernet0
Internet  192.168.3.5  0          0050.04df.5f3c  ARPA  Ethernet0
r2>show ip arp
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  192.168.3.1  -          0000.0c38.a05d  ARPA  Ethernet0
Internet  192.168.3.5  0          0050.04df.5f3c  ARPA  Ethernet0
r2>show interfaces e0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0000.0c38.a05d (bia 0000.0c38.a05d)
Description: r2 e0 to HostC Win98Dell
Internet address is 192.168.3.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
r2>show arp
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  192.168.3.1  -          0000.0c38.a05d  ARPA  Ethernet0
Internet  192.168.3.5  13         0050.04df.5f3c  ARPA  Ethernet0
r2>show arp
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  192.168.3.1  -          0000.0c38.a05d  ARPA  Ethernet0
Internet  192.168.3.5  14         0050.04df.5f3c  ARPA  Ethernet0


NOTE


The router keeps an ARP entry for four hours by default, whereas a PC retains this 
information for only a couple of minutes. Microsoft Windows default ARP cache timeout is 
two minutes. 


Refer to the Age (min) column in the preceding example to watch the numbers increase. ARP is
dynamic in nature; if the wrong information was learned or you move a device, however, you may
sometimes need to clear the ARP cache with the clear arp-cache command when you are
troubleshooting. First, you should shut/no shut the particular interface to see if that clears the issue
at hand.


Other helpful show commands include show version, show running-config, show startup-config,
show flash, various memory commands, and show tech-support. Examples 2-13 through
2-22 illustrate and explain these commands.


NOTE


Example 2-13 displays the output of show version. Even when you are at your wits' end,
you better pay attention to it. Too many times, I have exhausted my bottom-up
troubleshooting skills and still been stumped by this one. In other words, I worked my way
up from the Physical Layer to the Application Layer, and the real problem was the IOS
version I was using.


Example 2-13. show version 


r2>shver
Translating "shver"....domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
r2>show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(5), RELEASE SOFTWARE (fc1)
Copyright 1986-1999 by cisco Systems, Inc.
Compiled Tue 15-Jun-99 19:57 by phanguye
Image text-base: 0x0303D744, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
r2 uptime is 6 hours, 15 minutes
System restarted by power-on
System image file is "flash:c2500-is-l.120-5.bin"
cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 01507529, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
r2>


Notice in Example 2-13 how the router is attempting to resolve the host name to an IP address. I
could have just typed no ip domain-lookup so that the router didn't keep looking for a Domain
Name System (DNS) server, but I didn't. The shortcut sh ver would have worked just fine had I
inserted the space. I have shaded some of the output of interest, such as hardware and software
config files, boot images, and version, but you can always research the details at Cisco.com. You will
do that in later sections of this chapter. show version shows 16384K/2048K, which is the amount of
RAM/shared packet memory on the router. The command also helps you identify any known bugs
with a particular IOS version or release. For example, the current IOS version on r1 and r2 is
12.0(5), which is read Version 12.0 Release 5. However, 12.0 code did not reach General
Deployment (GD) until 12.0(8).


NOTE 


The router takes almost a minute to attempt DNS lookups for every unknown phrase that 
may be a telnet attempt. On a practical note, also keep in mind that DNS name resolution 
is via a User Datagram Protocol (UDP) broadcast packet. 


From a support standpoint, it is very helpful to understand not only the command structure of the
IOS but also how the versions and releases work. You may use new IOS releases in a test bed, but
GD is more common in a production environment. Table 2-2 describes the release designations.
Also, Cisco makes use of Technology release train letters such as E for Enterprise feature set, S for
Service Provider, and T for Consolidated Technology followed by another sequential character such
as A or B at the end of its filenames.


Table 2-2. The IOS Life Cycle


Release Designation    Description

FCS                    First Commercial Shipment. Initial release that delivers new functionality to the
                       market.

CCO FCS Date           Commercially available to customers for electronic download from Cisco.com.

MFG FCS Date           Commercially available to customers from Cisco manufacturing (normally a week
                       after CCO FCS).

Product Bulletin#      ID number of product bulletin describing the new features.

Major Release          Delivers significant platform and feature support to market. No new features are
                       added to a Major Release after the initial FCS to protect stability.

GD                     Reaches the General Deployment milestone when Cisco announces that it is
                       suitable for deployment anywhere in customer networks where features and
                       functionality of the release are required. The GD milestone is reached after Cisco
                       considers criteria such as customer feedback, bug reports, and reported field
                       experience. Only Major Releases are GD candidates.

LD                     Limited Deployment is the life cycle phase between the initial FCS and the GD
                       milestones.

GD Release             Maintenance release at which the Major Release became GD.

ED Release             Early Deployment Releases offer new feature, platform, or interface support.

End of Sales           Can't order after this date, but still available on Cisco.com.

End of Engineering     Although no more scheduled maintenance releases for the Major Release, it is still
                       available on Cisco.com.

End of Life            Software is no longer officially supported. Removed from Cisco.com.
                       Approximately 3 years following the FCS of the Major Release.

Obsolete               Can't order, but can be made available on Cisco.com under certain conditions.


Example 2-14 shows the output of show running-config. Compare this to Example 2-15, which
covers show startup-config.


Example 2-14. show running-config (write terminal) Command Output 


r2>show run
^
% Invalid input detected at '^' marker.
r2>en
r2#show run
r2#show running-config
Building configuration...
Current configuration:
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname r2
ip subnet-zero
ip host r1 192.168.2.1
ip host hostA 192.168.1.11
ip host hostB 192.168.1.12
ip host hostC 192.168.3.5
ip host r2 192.168.2.2
process-max-time 200
interface Ethernet0
 description r2 e0 to hostC Win98Dell1
 ip address 192.168.3.1 255.255.255.0
 no ip directed-broadcast
interface Serial0
 description r2 s0 DCE to r1 s0 DTE
 bandwidth 64
 ip address 192.168.2.2 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 clockrate 64000
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
router rip
 network 192.168.2.0
 network 192.168.3.0
ip classless
line con 0
 transport input none
line aux 0
line vty 0 4
 password donna
 login
end
r2#


NOTE 


Note that show run is not available in user mode. I typed show run from enable mode
and pressed Tab to complete the command so that you could view the full command. I do
the same for show start in the next example. Command completion is not necessary and
normally I do not bother. Always pay attention to commands and modes, however,
because Cisco CCNP tests in general cover them. The commands in this book follow the
Cisco and Cisco Press conventions of spelling them out entirely so that you can get
comfortable with the full command. In a practical environment, shortcuts are just fine.


It is definitely not good practice that I haven't saved my configuration for a while. I will save just as
soon as you take a look at show startup-config in Example 2-15.


Example 2-15. show start (show config) Command Output


r2#show start
r2#show startup-config
Using 764 out of 32762 bytes
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname r2
ip subnet-zero
ip host r1 192.168.2.1
ip host hostA 192.168.1.11
ip host hostB 192.168.1.12
ip host hostC 192.168.3.5
ip host r2 192.168.2.2
process-max-time 200
interface Ethernet0
 description r2 e0 to hostC Win98Dell1
 ip address 192.168.3.1 255.255.255.0
 no ip directed-broadcast
interface Serial0
 description r2 s0 DCE to r1 s0 DTE
 bandwidth 64
 ip address 192.168.2.2 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 clockrate 64000
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
ip classless
line con 0
 transport input none
line aux 0
line vty 0 4
 password donna
 login
end
r2#wr


Example 2-15 shows that you are using 764 out of 32762 bytes of the NVRAM. Many people confuse
NVRAM and Flash, but they are quite different. NVRAM is writable permanent storage for your
startup configuration, whereas Flash provides permanent storage for the Cisco IOS software
image(s), backup configurations, or other files. I saved my configuration on r2 with the write
memory command because wr is easy to type (same as copy run start). If I were to compare the
running configuration to the startup configuration, now they should both know about what I have
configured.
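
The comparison of running and startup configuration can be done offline on captured output, which also shows what a reload would discard before the save. The following Python is an added example, not from the book; the two sample configurations are constructed, abridged copies of Examples 2-14 and 2-15, the leading space on subcommands is assumed to be present as IOS prints it, and the function names are hypothetical.

```python
# Constructed, abridged copies of Example 2-14 (running) and Example 2-15
# (startup, captured before the save). Assumption: subcommands keep the
# leading space that IOS prints under interface/router/line sections.
RUNNING = """\
Building configuration...
Current configuration:
!
version 12.0
hostname r2
!
interface Serial0
 description r2 s0 DCE to r1 s0 DTE
 bandwidth 64
 ip address 192.168.2.2 255.255.255.0
 clockrate 64000
!
router rip
 network 192.168.2.0
 network 192.168.3.0
!
ip classless
end
"""

STARTUP = """\
Using 764 out of 32762 bytes
!
version 12.0
hostname r2
!
interface Serial0
 description r2 s0 DCE to r1 s0 DTE
 bandwidth 64
 ip address 192.168.2.2 255.255.255.0
 clockrate 64000
!
ip classless
end
"""

# Banner and separator lines that are not configuration commands.
SKIP_PREFIXES = ("!", "Building configuration", "Current configuration", "Using ")


def config_commands(text):
    """Return the config as an ordered list of (section, command) pairs.

    Top-level commands get section "". Indented subcommands are paired with
    the top-level line they sit under, so the same subcommand under two
    different interfaces is never confused.
    """
    commands = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith(SKIP_PREFIXES):
            continue
        if line[0].isspace():
            commands.append((section, stripped))
        else:
            section = stripped
            commands.append(("", stripped))
    return commands


def drift(running, startup):
    """Compare two captured configurations.

    "unsaved" holds commands only in the running config (lost on reload);
    "startup_only" holds commands only in the startup config (they come
    back on reload).
    """
    run_cmds = config_commands(running)
    start_cmds = config_commands(startup)
    run_set, start_set = set(run_cmds), set(start_cmds)
    return {
        "unsaved": [c for c in run_cmds if c not in start_set],
        "startup_only": [c for c in start_cmds if c not in run_set],
    }


if __name__ == "__main__":
    result = drift(RUNNING, STARTUP)
    for section, command in result["unsaved"]:
        print("unsaved:", f"{section} / {command}" if section else command)
    for section, command in result["startup_only"]:
        print("startup only:", f"{section} / {command}" if section else command)
```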


NOTE 


Many Cisco troubleshooters are still attached to the old commands that are left over from
IOS pre-10.3 code, such as write; however, Cisco says the commands will eventually go
away. write memory saves the running configuration to the startup configuration, write
terminal is like show running-config, and show config is like show startup-config. In
a practical sense, I have had to use show config when not enough memory was available
to type show running-config or show startup-config.


Example 2-16 demonstrates show flash on a 2500 series router. 


Example 2-16. show flash on a 2500 Series Router 


r2>show flash
System flash directory:
File  Length   Name/status
1     7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 9209652 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
r2>


The shaded lines indicate that there is one file in Flash that takes up 7 MB out of the existing 16 MB
available. The last line shows that the system Flash is read-only. The 2500 series routers run the IOS
from Flash because they were designed at a time when Cisco was trying to save users money. The
image file is relocatable and is indicated as such by the letter l in the filename. To upgrade the IOS
image on this router, I would need to get into rxboot mode by changing the config register to
0x2101 as a consequence of the Flash being read-only. However, newer images and routers
automate this for you with Flash load helper. Compare Example 2-16 to the Flash on a 3600 series
router in Example 2-17.


Example 2-17. show flash on a 3600 Series Router 


3620>show flash 
System flash directory: 
File Length Name/status 
1 3971288. ¢3620-d=mz.113=9.T 
[3971352 bytes used, 12805864 available, 16777216 total] 
16384K bytes of processor board System flash (Read/Write) 


3620> 


Notice the read/write status of Flash on the 3620. Like hard drives, Flash can be partitioned. 
Therefore, you may need to check the partitions, in which case the question mark (?) will help you 
through. Always check for additional Flash in slot0: and slot1: on routers with Flash memory cards 
For example, the 6509s may have additional Flash memory cards on the supervisor module. 


Assuming you had an updated IOS file handy that you had verified would work in your network, you
could take the time to upgrade the IOS. Copying configurations and upgrading IOS versions is
somewhat assumed knowledge here. If you do need some practice, however, refer to the practical
troubleshooting worksheets in Appendix B, "Troubleshooting Resources," or see Cisco.com for more
information. A good starting place is the Cisco IOS Roadmap available at
www.cisco.com/warp/public/620/roadmap.shtml. Alternatively, search for "cisco roadmap."


Now turn your focus to some memory show commands, such as show memory, show processes,
show stacks, and show buffers to monitor memory leaks and utilization issues.


In Example 2-18, I issued a show mem on my router and the Tab key to complete the command. I
pressed the Spacebar to display the output screen-by-screen instead of just pressing Enter to see it
line-by-line. Many times I find what I need before the end of the display, so I tap the Esc key, Q key,
or any key for that matter to stop where I am. Depending on the scroll buffer size, I scroll back to
find the required detail. In situations such as this where you are trying to capture output, log the
session so that you can refer back to it later. The specifics depend on the terminal program. Because
I am using SecureCRT for mine, I can go to the File menu and turn on the logging functionality, clear
the screen, and start again. After I finish logging, I just turn it off so that I can open the saved
session file in my SecureCRT directory. Then I rename the file to something relevant so that I can
refer back to it later. Example 2-18 shows the available options for show memory and show
memory ?.


Example 2-18. show memory Output 


r2>show mem
r2>show memory
               Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor     94DC8    16163384     1578748    14584636    14437208    14437896
      I/O   4000000     2097152      336376     1760776     1760776     1760556

Processor memory
 Address  Bytes  Prev.    Next     Ref  PrevF  NextF  Alloc PC  What
 94DC8     1064  0        9521C      1                31AB1C4   List Elements
 9521C     2864  94DC8    95D78      1                31AB1C4   List Headers
 95D78     3992  9521C    96D3C      1                314C830   TTY data

I/O memory
 Address  Bytes  Prev.    Next     Ref  PrevF  NextF  Alloc PC  What
 4000000    260  0        4000130    1                3187E70   *Packet Data*
 4000130    260  4000000  4000260    1                3187E70   *Packet Data*

r2>show memory ?
  allocating-process  Show allocating process name
  dead                Memory owned by dead processes
  fast                Fast memory stats
  free                Free memory stats
  io                  IO memory stats
  multibus            Multibus memory stats
  pci                 PCI memory stats
  processor           Processor memory stats
  summary             Summary of memory usage per alloc PC
  <cr>
r2>


show memory gives a block-by-block display of memory usage, which is why I had to stop the
command and give you only a partial capture in Example 2-18. There are many processes running
on the CPU that are allocated a certain amount of memory each. Consider the processor memory, for
instance. You had better have at least 1 MB free, and if running Border Gateway Protocol (BGP), you
should consider more like 5 to 10 MB free working space to handle route flaps and convergence.
From a troubleshooting standpoint, if a process doesn't de-allocate the memory it had and it is being
allocated more memory, that is reason to watch it. Actually, this is referred to as a memory leak and
normally the fix is to upgrade the IOS. For memory allocation errors, about all you can do
temporarily is power cycle the box; for a more permanent fix, upgrade the IOS. Check Cisco.com and
report the problem if you are the first to find it so that the rest of us don't have to suffer.


Example 2-19 illustrates show process, which gives you the CPU utilization and memory usage. 


Example 2-19. show process Output 


r2>show process
CPU utilization for five seconds: 21%/19%; one minute: 28%; five minutes: 23%
 PID QTy       PC Runtime (ms)    Invoked   uSecs     Stacks TTY Process
   1 Csp  31C05CC          648       6436     100   736/1000   0 Load Meter
   2 M*         0          124         14    8857  2792/4000   0 Exec
   3 Lst  31B0DDA        10276       4864   14448  3704/4000   0 Check heaps
   4 Cwe  31B70F6            0          1       0  3732/4000   0 Pool Manager

r2>show process memory
Total: 18260536, Used: 1915000, Free: 16345536
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0      35668       1252    1641800          0          0 *Init*
   0   0        484     109420        484          0          0 *Sched*
   0   0    3219684    1348972       1720     323940          0 *Dead*
   1   0        268        268       1748          0          0 Load Meter
   2   0        312          0      56696          0          0 Exec
   3   0          0          0       4748          0          0 Check heaps
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
                                  1914160 Total


I cut most of the output from the commands in Example 2-19 because the main emphasis here is on
the beginning shaded lines dealing with the CPU utilization and memory usage. show process
shows the average CPU utilization for intervals of 5 seconds, 1 minute, and 5 minutes. After you
have taken several snapshots of this command, you can then compare the relative instances that a
particular process has been invoked. The one that has been invoked the most is more than likely
responsible for the load on the CPU. The show process memory command offers a more detailed
display on how each process allocates, frees, and holds memory.
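Comparing snapshots by eye gets tedious, so the following Python is an added example (not code from the book or from Cisco) that parses several saved show process memory captures and reports any process whose Holding value grows in every snapshot, the memory-leak pattern described above. The first snapshot uses the values from Example 2-19; the second and third snapshots and the function names are constructed for illustration.

```python
import re

TOTALS = re.compile(r"Total:\s*(\d+),\s*Used:\s*(\d+),\s*Free:\s*(\d+)")
# Columns: PID TTY Allocated Freed Holding Getbufs Retbufs Process
# (the process name is last and may contain spaces, e.g. "Load Meter").
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S.*?)\s*$"
)
MIN_FREE_BYTES = 1024 * 1024  # the "at least 1 MB free" rule of thumb from the text


def parse_process_memory(text):
    """Return (totals, holding) where holding maps (pid, name) -> Holding bytes."""
    totals, holding = None, {}
    for line in text.splitlines():
        m = TOTALS.search(line)
        if m:
            totals = dict(zip(("total", "used", "free"), map(int, m.groups())))
            continue
        m = ROW.match(line)
        if m:
            # PID 0 is shared by *Init*, *Sched* and *Dead*, so key on the name too.
            holding[(int(m.group(1)), m.group(8))] = int(m.group(5))
    return totals, holding


def leak_suspects(snapshots):
    """Processes whose Holding value rises between every pair of snapshots.

    Returns [((pid, name), total_growth_bytes), ...], largest growth first.
    """
    parsed = [parse_process_memory(s)[1] for s in snapshots]
    suspects = {}
    for key in parsed[0]:
        series = [p.get(key) for p in parsed]
        if None in series:          # process not present in every capture
            continue
        if all(later > earlier for earlier, later in zip(series, series[1:])):
            suspects[key] = series[-1] - series[0]
    return sorted(suspects.items(), key=lambda kv: kv[1], reverse=True)


def low_memory(snapshot, min_free=MIN_FREE_BYTES):
    """True when the Free figure on the Total line is under the threshold."""
    totals, _ = parse_process_memory(snapshot)
    return totals is not None and totals["free"] < min_free


# Snapshot 1: values from Example 2-19.
SNAP_1 = """\
Total: 18260536, Used: 1915000, Free: 16345536
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0      35668       1252    1641800          0          0 *Init*
   1   0        268        268       1748          0          0 Load Meter
   2   0        312          0      56696          0          0 Exec
   3   0          0          0       4748          0          0 Check heaps
"""
# Snapshots 2 and 3: constructed, with Exec holding 4096 more bytes each time.
SNAP_2 = """\
Total: 18260536, Used: 1919096, Free: 16341440
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0      35668       1252    1641800          0          0 *Init*
   1   0        268        268       1748          0          0 Load Meter
   2   0       4408          0      60792          0          0 Exec
   3   0          0          0       4748          0          0 Check heaps
"""
SNAP_3 = """\
Total: 18260536, Used: 1923192, Free: 16337344
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0      35668       1252    1641800          0          0 *Init*
   1   0        268        268       1748          0          0 Load Meter
   2   0       8504          0      64888          0          0 Exec
   3   0          0          0       4748          0          0 Check heaps
"""

if __name__ == "__main__":
    for (pid, name), growth in leak_suspects([SNAP_1, SNAP_2, SNAP_3]):
        print(f"PID {pid} ({name}) grew by {growth} bytes across all snapshots")
    print("low memory:", low_memory(SNAP_3))
```

Steady growth over three captures is a reason to watch a process, not proof of a leak; take the captures far enough apart that normal allocation churn has time to settle.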


NOTE 


It is extremely important not to overload the router with debug packet-type commands if
any of these utilization values are greater than 50%. Perhaps you can use debug event-type
commands, for a little less overhead, to aid you in your troubleshooting.


Example 2-20 shows the output of show stacks, which is used to monitor router processes and
interrupts. This command is not a daily routine. If you use show version and see that the box
reloaded because of a crash, however, use the show stacks command so that the Technical
Assistance Center (TAC) can assist. It may be helpful if you dump the output to the Cisco Stack
Decoder Tool before you reload a crashed router. If the output doesn't appear to be helpful to you, it
may be of value to the Cisco TAC engineer; many times they have different versions of tools from
what you and I have.


Example 2-20. show stacks Output 


r2>show stacks
Minimum process stacks:
 Free/Size   Name
 2348/4000   Init
 3468/4000   RADIUS INITCONFIG
 3388/4000   DHCP Client
 1964/4000   Exec
 3500/4000   Router Init

Interrupt level stacks:
Level    Called Unused/Size  Name
  3           3   2772/3000  Serial interface state change interrupt
  4      139776   2576/3000  Network interfaces
  5     1711009   2864/3000  Console Uart
r2>


Example 2-21 shows the output of show buffers, including the size of the various buffer pools. The
router is pretty smart in serving its customers (or should I say allocating buffers and reallocating as
necessary), especially if you use the faster switching modes. Overruns occur when the hardware
can't send received data to a buffer because the input rate exceeded its capability to handle the
data. Underruns are when the transmitter is running faster than the router can process. However,
interface buffers can fall back on system buffers as needed, which makes them pretty self-tuning.


NOTE 


Newer versions of IOS do a much better job of tuning buffers on their own than earlier
versions did. This is a case where tweaks, knobs, and adjustments are great if you know 
the impact of the defaults you are changing. Defaults are set for a reason, and when it 
comes to buffers, always consult TAC before you arbitrarily adjust them. 


Example 2-21. show buffers Output 


r2>show buffers
Buffer elements:
     500 in free list (500 max allowed)
     18734 hits, 0 misses, 0 created

Public buffer pools:
Small buffers, 104 bytes (total 50, permanent 50):
     49 in free list (20 min, 150 max allowed)
     6802 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
Middle buffers, 600 bytes (total 25, permanent 25):
     25 in free list (10 min, 150 max allowed)
     2765 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
Big buffers, 1524 bytes (total 50, permanent 50):
     50 in free list (5 min, 150 max allowed)
     1115 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
VeryBig buffers, 4520 bytes (total 10, permanent 10):
     10 in free list (0 min, 100 max allowed)
     0 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
Large buffers, 5024 bytes (total 0, permanent 0):
     0 in free list (0 min, 10 max allowed)
     0 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
Huge buffers, 18024 bytes (total 0, permanent 0):
     0 in free list (0 min, 4 max allowed)
     0 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)

Interface buffer pools:
Ethernet0 buffers, 1524 bytes (total 32, permanent 32):
     8 in free list (0 min, 32 max allowed)
     24 hits, 0 fallbacks
     8 max cache size, 8 in cache
Serial0 buffers, 1524 bytes (total 32, permanent 32):
     7 in free list (0 min, 32 max allowed)
     705 hits, 0 fallbacks
     8 max cache size, 8 in cache
Serial1 buffers, 1524 bytes (total 32, permanent 32):
     7 in free list (0 min, 32 max allowed)
     25 hits, 0 fallbacks
     8 max cache size, 8 in cache

r2>


You must know and understand the Cisco IOS to become a CCNP and to give Cisco the information
they need to help you. One of the best things to review the previous commands, to assist with your
baseline, and to give to TAC is the output of show tech-support. It is excellent documentation for
you to have the normal output of this command when things are operating the way they should so
that you have a comparison when things are not operating so smoothly. The output of show
tech-support is a little lengthy. I cut most of the output in Example 2-22, but left enough for you to
get a feel for the usefulness of the command.

Depending on the hardware and the IOS feature sets, show tech-support includes output from the
following commands as well as others. The following list shows common shortcuts for some of the
full commands displayed in this chapter:

• sh ver
• sh run
• sh contr
• sh stac
• sh int
• sh proc mem
• sh proc cpu
• sh buf

Example 2-22. show tech-support Output 


r2>show tech-support

show version

Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(5), RELEASE SOFTWARE (fc1)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102

show running-config

Building configuration...
Current configuration:
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname r2

show controllers

LANCE unit 0, idb 0xD9280, ds 0xDAB88, regaddr = 0x2130000, reset_mask 0x2
IB at 0x4006E64: mode=0x0000, mcfilter 0000/0000/0100/0020
station address 0000.0c38.a05d default station address 0000.0c38.a05d

show stacks

Minimum process stacks:
 Free/Size   Name
 2348/4000   Init
Interrupt level stacks:
Level    Called Unused/Size  Name
  3           3   2772/3000  Serial interface state change interrupt

show interfaces

Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c38.a05d (bia 0000.0c38.a05d)
Serial0 is up, line protocol is up
  DCD=up DSR=up DTR=up RTS=up CTS=up
Serial1 is administratively down, line protocol is down
  DCD=down DSR=down DTR=down RTS=down CTS=down

show process memory

Total: 18260536, Used: 1915584, Free: 16344952
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0      35668       1252    1641800          0          0 *Init*
                                  1914784 Total

show process cpu

CPU utilization for five seconds: 21%/14%; one minute: 23%; five minutes:
 PID Runtime (ms)   Invoked   uSecs    5Sec   1Min   5Min TTY Process
   1          676      6972      96   0.00%  0.00%  0.00%   0 Load Meter
   2         9400       137   68613   1.61%  8.50%  2.59%   0 Exec

show buffers

Buffer elements:
     500 in free list (500 max allowed)
     19804 hits, 0 misses, 0 created
Public buffer pools:
Small buffers, 104 bytes (total 50, permanent 50):
Huge buffers, 18024 bytes (total 0, permanent 0):
Interface buffer pools:
Ethernet0 buffers, 1524 bytes (total 32, permanent 32):
Serial0 buffers, 1524 bytes (total 32, permanent 32):
Serial1 buffers, 1524 bytes (total 32, permanent 32):

r2>


Obviously, this section has not covered all the show commands of the IOS; nor will you ever cover
all the show commands because Cisco is constantly improving their IOS. This section has provided
an overview of the most useful commands and how to interpret them so that you can use them
throughout the exercises in this book. Now that you have examined some of the more common show
commands, turn your attention to ping to assist with troubleshooting targets up through the
Network Layer.


Cisco Ping Commands 


Ping is a lifesaver to determine end-to-end connectivity and reachability issues. However, it has the
potential to disrupt routers if not handled properly. As with the other tools, it is helpful to baseline
and have the normal output of ping commands when the network is working properly to compare
against those times when you are troubleshooting. By the way, ping is not just for IP; it is a valuable
tool for IP, IPX, and other protocols as well.


NOTE 


As previously mentioned, ping may potentially disrupt routers, and this is putting it mildly.
Enterprise organizations and Internet service providers (ISPs) generally filter Internet
Control Message Protocol (ICMP) packets because they can be used to launch
denial-of-service (DoS) and other hack attacks.


I sometimes think of ping as a Ping-Pong game. Ping first sends an ICMP Echo Request packet and
awaits an ICMP Echo Reply. Many times ping fails because the Echo Request is successful, but the
Echo Reply doesn't have a way to return. Note the basic Cisco ping output in Example 2-23. The
success rate of 5/5 is obviously what you want to see compared to the 0/5 (where there is most
definitely a problem at Layer 3 or below). If the success rate is less than 5/5, remember to ping
again for more accurate results. When the success rate is 4/5 (80 percent) in a Cisco environment, I
normally just write it off to ARP performing its duties and ping again if I really must see 5/5 (100


action. Example 2-23 demonstrates user-mode ping across a point-to-point HDLC serial link where
ARP is not necessary.


Example 2-23. User-Mode ping 


r2>ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms


From the preceding ping and ARP examples, and in your day-to-day troubleshooting, it is fairly easy
to interpret that an exclamation (!) means successful and a period (.) means not successful. The
success rate is a percentage of packets echoed back to the router, and anything less than 80 percent
is usually problematic. The round-trip time intervals display as minimum, average, and maximum,
and are quite helpful to compare against your baseline for how long it takes to receive a reply. Table
2-3 explains ping character output.


Table 2-3. Cisco Ping-Pong Table 


Output | Description
! | Each bang represents the receipt of a reply.
. | Timeout while waiting for reply.
U | Destination unreachable.
N | Network unreachable.
P | Protocol unreachable.
C | Congestion occurred.
Q | Source quench. Router saying slow down.
M | Maximum transmission unit (MTU) problem. Could not fragment.
A | Administratively prohibited.
I | User-interrupted ping.
? | Unknown packet type.
& | Packet lifetime exceeded.
Ctrl+Shift+6 | Abort Cisco ping.
% Unrecognized host or address | Name resolution issue.
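To compare saved ping captures against a baseline, the following Python is an added example (not code from the book or from Cisco) that parses Cisco ping output, decodes the result characters using Table 2-3, and flags a success rate under the 80 percent mark mentioned above or a round-trip average well over the baseline. The 2x RTT factor, the function names, and the second and third sample captures are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Result characters and their meanings, from Table 2-3.
PING_CODES = {
    "!": "reply received",
    ".": "timeout while waiting for reply",
    "U": "destination unreachable",
    "N": "network unreachable",
    "P": "protocol unreachable",
    "C": "congestion occurred",
    "Q": "source quench",
    "M": "MTU problem, could not fragment",
    "A": "administratively prohibited",
    "I": "user-interrupted ping",
    "?": "unknown packet type",
    "&": "packet lifetime exceeded",
}
SENDING = re.compile(r"Sending (\d+), (\d+)-byte ICMP Echos to (\S+), timeout is (\d+) seconds")
RATE = re.compile(
    r"Success rate is (\d+) percent \((\d+)/(\d+)\)"
    r"(?:, round-trip min/avg/max = (\d+)/(\d+)/(\d+) ms)?"
)
RESULT_LINE = re.compile(r"^[!.UNPCQMAI?&]+$")


def parse_ping(text):
    """Parse one Cisco ping run into target, per-character counts, rate and RTTs."""
    result = {"target": None, "codes": Counter(), "percent": None,
              "received": None, "sent": None, "rtt_ms": None}
    seen_sending = False
    for raw in text.splitlines():
        line = raw.strip()
        m = SENDING.search(line)
        if m:
            result["target"] = m.group(3)
            seen_sending = True
            continue
        m = RATE.search(line)
        if m:
            result["percent"] = int(m.group(1))
            result["received"], result["sent"] = int(m.group(2)), int(m.group(3))
            if m.group(4) is not None:
                result["rtt_ms"] = tuple(int(m.group(i)) for i in (4, 5, 6))
            continue
        # Result characters only appear between the "Sending" and "Success rate" lines.
        if seen_sending and RESULT_LINE.match(line):
            result["codes"].update(line)
    return result


def assess(result, baseline_avg_ms=None, min_percent=80, rtt_factor=2.0):
    """Return a list of findings; an empty list means the run matches the baseline."""
    findings = []
    if result["percent"] is not None and result["percent"] < min_percent:
        findings.append(f"success rate {result['percent']}% is below {min_percent}%")
    for code, meaning in PING_CODES.items():
        count = result["codes"].get(code, 0)
        if code != "!" and count:
            findings.append(f"{count} x '{code}': {meaning}")
    if (result["codes"] and result["received"] is not None
            and result["codes"]["!"] != result["received"]):
        findings.append("result characters disagree with the summary line")
    rtt = result["rtt_ms"]
    if rtt and baseline_avg_ms and rtt[1] > baseline_avg_ms * rtt_factor:
        findings.append(
            f"average RTT {rtt[1]} ms exceeds {rtt_factor:g}x the baseline of {baseline_avg_ms} ms")
    return findings


# Example 2-23 values, with the result line written out.
HEALTHY = """\
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
"""
# Constructed captures for illustration.
UNREACHABLE = """\
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
"""
SLOW = """\
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 60/90/120 ms
"""

if __name__ == "__main__":
    for name, capture in (("healthy", HEALTHY), ("unreachable", UNREACHABLE), ("slow", SLOW)):
        print(name, assess(parse_ping(capture), baseline_avg_ms=30))
```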


The preceding example demonstrates the user-mode ping that can be issued in user or enable mode.
Extended ping is available only from enable mode (#). For IP, you can relate these extended options
to the fields in the IP packet (after we review the IP header options in Chapter 3, "Shooting Trouble
with IP.") Table 2-4 lists the extended ping options.


Table 2-4. Extended Ping Options 


Field | Description
Protocol [ip]: | Default is IP.
Target IP address: | Destination host name or IP address.
Repeat count [5]: | Number of ping packets. Default is 5 ping packets.
Datagram size [100]: | Size of ping packets. Default size of the ping packet is 100 bytes.
Timeout in seconds [2]: | Default timeout interval is 2 seconds.
Extended commands [n]: | Default is no extended commands, but you can type Y to indicate you want a series of additional commands to appear. Some of these commands follow.
Source address or interface: | Set the source address in the ping packet.
Type of service [0]: | TOS selection. Default is 0.
Set DF bit in IP header? [no]: | Don't fragment. Drop and send error message instead. Helps determine the smallest MTU in the path. Default is no.
Validate reply data? [no]: | Specify whether to validate the reply data. Default is no.
Data pattern [0xABCD]: | Default is ABCD, but varying to all 1s or 0s can be helpful when debugging channel service units/data service units (CSUs/DSUs) or detecting cable problems such as crosstalk.
Loose, Strict, Record, Timestamp, Verbose[none]: | The default is none. Other header options include the following:
    Loose: List of nodes that must be traversed
    Strict: List of nodes that must be the only nodes traversed
    Record: Path
    Timestamp: Times
    Verbose: Detailed information
Sweep range of sizes [n]: | Vary the size of the echo packets being sent. Useful to determine the minimum MTUs configured from the source to destination. Reduce performance problems related to fragmentation.
! or . | Each bang (!) indicates the receipt of a reply, whereas a period (.) indicates a timeout while waiting for a reply.
Success rate is 100 percent | 100 percent or 5/5 is obviously what you want to see, not the 0/5, which most definitely indicates a problem at L3 or below. If the success rate is less than 100 percent, remember to ping again for best results. When the success rate is 4/5 (or 80 percent) in a Cisco environment, I normally just write it off to ARP performing its duties.
Round-trip min/avg/max = 1/2/4 ms | Round-trip minimum/average/maximum milliseconds for the reply packet.


Type ping and press Enter to specify the extended protocol options in Example 2-24.


Example 2-24. Cisco Extended Ping 


r2#ping
Protocol [ip]:
Target IP address: 192.168.4.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.3.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
r2#


Example 2-24 illustrates extended ping in action, but the success rate of 0/5 is not so successful. It
is important to note that you must answer yes to the extended commands section to get more
choices to assist you with troubleshooting.


In the "Cisco Trace Commands" and "Cisco Debug Commands" sections of this chapter, and in
Chapter 3, you will explore more troubleshooting using ping. After all, ping is one of the easiest tests
you can perform to test all the way through Layer 3.


NOTE 


Use ping to identify lower-level troubleshooting targets. Ping yourself, ping someone local, 
ping the default gateway, and ping a remote host. If you are still having problems, trace is 
a great companion utility to ping. Ping and trace complement one another. Ping shows 
connectivity and delay up to Layer 3, and trace shows the path from the source to the 
destination. 


Cisco Trace Commands 


The traceroute command uses a hop-by-hop approach to finding the problem. It is a valuable tool
for figuring out how far you can get and finding exactly where the connection fails. Take a look at
how the tool works. Three probes are sent to each hop starting with a time-to-live (TTL) of one for
the first hop. When the TTL expires, the round-trip time for each probe is sent back to the originator.
After every third probe, the TTL is increased by one to make it to the next router. Often, timeouts
occur and traceroute prints * to the screen. As long as one attempt out of three works, you get hop
information, but the exact output depends on such items as the security levels at each hop. Try
multiple traces to see whether the same route is taken each time. Table 2-5 describes traceroute
output. As with Cisco ping, traceroute offers extended options, too. Just type trace or traceroute
and press Enter to see them.


Table 2-5. traceroute Characters 


Output | Description
nn msec | Round-trip time per probe in milliseconds.
* | The probe timed out.
? | Unknown packet type.
A | Administratively unreachable; check for access list issues.
H | Host unreachable.
N | Network unreachable.
P | Protocol unreachable.
Q | Source quench.
U | Port unreachable. Probe received but discarded because it could not deliver to the application.


Now that I have introduced a few tools, I want you to refer back to the practical examples provided
thus far, if necessary, to help troubleshoot a particular problem in Example 2-25. The chapter
scenario is pictured in Figure 2-2 for your convenience. I am on r2 trying to ping the far side of r1.
This worked in my earlier test when I added RIP, but I can't ping now.


Example 2-25. Trace Troubleshooting 


r2>ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
r2>trace 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
r2>show ip route
C    192.168.2.0/24 is directly connected, Serial0
C    192.168.3.0/24 is directly connected, Ethernet0
r2>show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 23 seconds
  Routing for Networks:
    192.168.2.0
    192.168.3.0
r2>where
Conn Host                Address             Byte  Idle Conn Name
*  1 r1                  192.168.2.1            0     2 r1
r1>show ip route
C    192.168.1.0/24 is directly connected, Ethernet0
C    192.168.2.0/24 is directly connected, Serial0
r1>show ip protocols
r1>


Figure 2-2. Chapter 2 Scenario and Logging 


[Figure: Network 1 (192.168.1.0/24), Network 2 (192.168.2.0/24), and Network 3 (192.168.3.0/24)
joined by a 2516 and a 2501, with hostc. Logging labels shown: logging on (default), logging
console, logging monitor (terminal), buffered logging (show log), logging ip-addr and logging
trap 5 (syslog server).]


Certainly, we have all had problems where things worked fine yesterday but there seems to be a
problem now. Example 2-25 shows the output of my problem. The ping command did not work.
Because I am trying to ping to a different network and it failed, I thought I would try traceroute to
see whether there was a particular stopping point. traceroute just gave me a bunch of timeouts (*),
so I thought I would telnet to r1 to see whether it could reach its own local interface of 192.168.1.1.
Instead of letting my screen fill up with asterisks, I pressed the Ctrl+Shift+6 key sequence to abort
the traceroute command. Then I used the where command to see whether I already had a telnet
session open. You may be more familiar with the show sessions command, but where is exactly
the same. Because r1 was an active telnet session, I just pressed Enter to return to it. I typed in two
commands that output in detail what the problem is. Think about it a little. I will fix the problem in
Example 2-26, so you can check to see whether you are right.


NOTE 


Just as where is an alternative command for show sessions, who is an alternative 
command for show users. 


Example 2-26. Now I Can Ping


r1(config)#router rip
r1(config-router)#network 192.168.1.0
r1(config-router)#network 192.168.2.0
r1(config-router)#end
r1#write mem
!!!write mem is the same as copy run start
Building configuration...
r1#show ip route
C    192.168.1.0/24 is directly connected, Ethernet0
C    192.168.2.0/24 is directly connected, Serial0
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:02, Serial0
r1#exit
[Connection to r1 closed by foreign host]
r2>show ip route
R    192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:25, Serial0
C    192.168.2.0/24 is directly connected, Serial0
C    192.168.3.0/24 is directly connected, Ethernet0
r2>ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
r2>trace 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
  1 r1 (192.168.2.1) 16 msec * 16 msec
r2>


NOTE 

The moral of this example is that you shouldn't hook your router up to an outlet that is
controlled by your light switch and then forget to save your configuration. The more times
you do things like that, however, the better support person you will be (because you will
certainly remember it the next time). In a practical environment, these devices should be
on an uninterruptible power supply (UPS) anyway.


You can thank Van Jacobson for the traceroute utility. The Microsoft implementation of trace is
tracert; the Cisco/UNIX implementation is traceroute (or trace for short). The Microsoft tracert
command tests only through Layer 3 because it is based on ICMP packets, whereas the UNIX/Cisco
traceroute command is UDP-based, so it tests through Layer 4. On a practical note, you had better
consider this when writing your access lists; many people filter out ICMP by default as a security
method for ping scans. Some filter the high-port UDP out, and some do not. Hence trace results
from the same network may deliver different results. The same holds true for traffic engineering
giving lower preference to ICMP packets. Example 2-27 shows the output of an extended traceroute
command.


Example 2-27. Extended traceroute Command 


r1#trace 192.168.3.5
Type escape sequence to abort.
Tracing the route to HostC (192.168.3.5)
  1 r2 (192.168.2.2) 16 msec 16 msec 16 msec
  2 HostC (192.168.3.5) 20 msec 16 msec
!!!user trace is above
!!!extended trace is below
r1#trace
Protocol [ip]:
Target IP address: 192.168.3.5
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to HostC (192.168.3.5)
  1 r2 (192.168.2.2) 16 msec 16 msec 16 msec
  2 HostC (192.168.3.5) 16 msec 16 msec 16 msec
r1#


Fields unique to the extended traceroute command include Source address; Numeric display;
Timeout; Probe count; Time to Live; Port number; and Loose, Strict, Record, Timestamp, and
Verbose. Numeric display is helpful when DNS is failing. TTL is helpful when you know your network
is good but the problem is outside. Suppose, for example, that you are about six hops from the
Internet. Just change the minimum TTL to six to start your testing there.


Now that you have show, clear, ping, and traceroute in your tool bag, take a look at some other
tools innate to the Cisco IOS that are often very helpful for troubleshooting, such as log and debug.


NOTE 


Good documentation techniques—such as adding descriptions on your interfaces, and 
annotating (! or remark) your configurations—are things you will thank yourself for at a 
later date. (Refer back to Example 2-27, for instance, where I made a remark about the
user and extended trace within the configuration commands.) Another practical example of 
this is to add a remark when you update an access control list (ACL) with such information 
as its purpose, the point of contact (POC), and the date. 


Cisco Logging Commands 


Logging enables you to monitor and view messages that record real-time events, such as errors,
warnings, and state transitions. All messages are logged to the console by default, but you can and
should limit them. Limiting logging is extremely important to lessen the impact on performance (and
to get your CCNP). Type show logging, as in Example 2-28, to see how it is set up.


Example 2-28. show logging Output 


r2>show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 9 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 9 messages logged
    Trap logging: level informational, 13 message lines logged
Log Buffer (4096 bytes):
00:00:42: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:00:42: %LINK-3-UPDOWN: Interface Serial0, changed state to up


NOTE 


Console logging is harsh. If you must use it, at least go in through the vty (terminal) lines. 
Logging to a syslog server is even better than telnetting in, and logging to an internal 
buffer is the best (assuming you increase the buffer size), or least overhead I should say.


Table 2-6 lists levels, keywords, descriptions, and syslog definitions to assist you with minimizing the
impact of logging. Error messages are typically structured in the following syntax:
%FACILITY-SEVERITY-MNEMONIC: Message text, where FACILITY examples include two or more capital
letters about a hardware device, software module, or protocol. SEVERITY is a number from zero to
seven, with zero signifying the most serious condition. MNEMONIC uniquely identifies the message.


Table 2-6. Logging Keywords and Levels 


Level | Keyword | Severity Description | Syslog Definition
0 | Emergencies | System unusable. | LOG_EMERG
1 | Alerts | Immediate action needed. | LOG_ALERT
2 | Critical | Critical conditions exist. | LOG_CRIT
3 | Errors | Error conditions exist. | LOG_ERR
4 | Warnings | Warning conditions exist. | LOG_WARNING
5 | Notification | Normal but significant conditions exist. | LOG_NOTICE
6 | Informational | Informational messages. | LOG_INFO
7 | Debugging | Debugging messages. | LOG_DEBUG
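The %FACILITY-SEVERITY-MNEMONIC structure and the levels in Table 2-6 are easy to work with in a script. The following Python is an added example (not code from the book or from Cisco) that parses IOS log lines and shows which of them a destination set to a given level would receive, since a configured level includes every level numerically equal to or less than it. The two LINK lines and the CONFIG_I line come from this chapter's output; the DEMO and RIP lines and all function names are constructed for illustration.

```python
import re

# Keywords and syslog definitions by level number, from Table 2-6.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
SYSLOG_DEFS = ["LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
               "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"]

# Optional timestamp, then %FACILITY-SEVERITY-MNEMONIC: Message text
MESSAGE = re.compile(
    r"^(?:(?P<stamp>[^%]*?):\s+)?"
    r"%(?P<facility>[A-Z][A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$"
)


def level_number(level):
    """Accept 0-7 or a keyword (or unambiguous abbreviation) and return 0-7."""
    if isinstance(level, int):
        if 0 <= level <= 7:
            return level
        raise ValueError(f"level out of range: {level}")
    name = level.strip().lower()
    matches = [n for n, keyword in enumerate(LEVELS) if name and keyword.startswith(name)]
    if len(matches) != 1:
        raise ValueError(f"unknown or ambiguous level keyword: {level!r}")
    return matches[0]


def parse_message(line):
    """Return a dict for a structured IOS message, or None for anything else."""
    m = MESSAGE.match(line.strip())
    if not m:
        return None
    severity = int(m.group("severity"))
    return {
        "stamp": m.group("stamp"),
        "facility": m.group("facility"),
        "severity": severity,
        "keyword": LEVELS[severity],
        "syslog": SYSLOG_DEFS[severity],
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def destination_receives(severity, configured_level):
    """A destination set to level N gets messages with severity 0 through N."""
    return severity <= level_number(configured_level)


def filter_for(lines, configured_level):
    """Parsed messages that a destination at configured_level would receive."""
    parsed = (parse_message(line) for line in lines)
    return [m for m in parsed
            if m is not None and destination_receives(m["severity"], configured_level)]


SAMPLE = [
    "00:00:42: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up",
    "00:00:42: %LINK-3-UPDOWN: Interface Serial0, changed state to up",
    "01:27:39: %SYS-5-CONFIG_I: Configured from console by console",
    "01:30:02: %DEMO-6-SAMPLE: constructed informational message",   # constructed
    "01:30:05: %DEMO-7-SAMPLE: constructed debugging message",       # constructed
    "01:30:09: RIP: constructed unstructured debug line",            # constructed
]

if __name__ == "__main__":
    for level in ("errors", "notifications", "debugging"):
        kept = filter_for(SAMPLE, level)
        print(f"{level:<14} ({level_number(level)}):",
              [f"{m['facility']}-{m['severity']}-{m['mnemonic']}" for m in kept])
```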


Type no logging console or logging console [level] using one of the levels specified in Table 2-6.
Keep in mind that the default level is 7 for debugging, which includes levels equal to or less than 7.
Example 2-29 illustrates other options for logging; in the example, however, I chose to direct all
logging to the console and turn it off to all other supported destinations with no logging on.


Example 2-29. no logging on Output 


r2(config)#no logging ?
  Hostname or A.B.C.D  IP address of the logging host
  buffered             Set buffered logging parameters
  console              Set console logging level
  facility             Facility parameter for syslog messages
  history              Configure syslog history table
  monitor              Set terminal line (monitor) logging level
  on                   Enable logging to all supported destinations
  source-interface     Specify interface for source address in logging
                       transactions
  trap                 Set syslog server logging level

r2(config)#no logging on
r2(config)#end
01:27:39: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
%SYS-5-CONFIG_I: Configured from console by console
r2#
r2#show log
Syslog logging: disabled (0 messages dropped, 1 flushes, 0 overruns)
    Console logging: level debugging, 10 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 9 messages logged
    Trap logging: level informational, 13 message lines logged
Log Buffer (4096 bytes):
00:00:42: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:00:42: %LINK-3-UPDOWN: Interface Serial0, changed state to up
r2(config)#


You must configure logging to limit the overhead on your router for logging to the console, logging
to other terminals (monitor), and logging to a syslog server. I mentioned the levels in Table 2-6;
some of the basic commands are in Table 2-7. Also refer back to Figure 2-2 for a logging illustration
of the chapter scenario.


Table 2-7. Configuring Logging 


Logging Command | Explanation 
logging ip address | Log to syslog server. 
logging buffered[1] | Log to internal buffer where the newer logs overwrite the older ones. Show log to see the output. 
logging console [level] | Log to console according to level specified. 
logging monitor [level] | Log to vty (terminal) line according to level specified. 
logging trap [level] | Log to syslog according to level specified. (The four types of syslog message are listed later in this section.) 
no logging on | Logging enabled for console only. 

[1] logging buffered includes an optional but recommended command to increase the default 4 k memory buffer. 
Just specify a new buffer size, such as 500, after the command. 


Redirecting error message and debug output is critical to router performance. Routers are packet 
forwarders. Logging and debug are for troubleshooting, not for day-to-day routines. The following 
list re-emphasizes, from highest to lowest, the logging overhead on the router: 

• Console 

• vty 

• Syslog 

• Internal buffer logging 


The Cisco IOS generates four types of syslog messages: 

• Software/hardware malfunctions show at the errors level. 

• Interface transitions and system restarts show as notifications. 

• Reload requests and stack messages show as informational. 

• Debug output shows as debugging. 


Logging is quite helpful with troubleshooting and is more than just documentation. You should look 
up your most common syslog output at Cisco.com so that you can correlate them into your network 
management program and documentation to help you quickly identify problems. Next look at some 
common debug commands in the last IOS troubleshooting category covered here. 
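
The level filtering and message types described above can be checked offline against captured messages. The following Python sketch is an added example, not code from the book or from Cisco: it parses the %FACILITY-SEVERITY-MNEMONIC header of IOS messages like those in Example 2-29 and applies a logging level the way logging console [level] does (that level and every numerically lower one). The function names are illustrative, levels 0 and 1 are filled in from the standard syslog names because this part of Table 2-6 starts at level 2, and the sample lines are constructed.

```python
import re
from collections import Counter

# Keyword for each severity. Levels 2-7 are the rows of Table 2-6 shown above;
# 0 and 1 are the standard syslog levels (assumption: not part of this excerpt).
SEVERITY = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}
LEVEL_BY_NAME = {name: num for num, name in SEVERITY.items()}

# Optional timestamp (uptime or datetime form), then
# %FACILITY-SEVERITY-MNEMONIC: message text
MSG_RE = re.compile(
    r"^(?:(?P<ts>.*?):\s+)?%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-"
    r"(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)

# Constructed sample, modelled on the messages in Example 2-29.
SAMPLE = """\
00:00:42: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:00:42: %LINK-3-UPDOWN: Interface Serial0, changed state to up
00:00:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
%SYS-5-CONFIG_I: Configured from console by console
*Mar  1 01:27:39.123: %SYS-5-RESTART: System restarted --
12:53:23: ICMP: echo reply rcvd, src 192.168.1.1, dst 192.168.2.2
"""


def parse_line(line):
    """Split one log line into its fields; return None for a blank line."""
    line = line.strip()
    if not line:
        return None
    m = MSG_RE.match(line)
    if m:
        return {"ts": m["ts"], "facility": m["facility"],
                "severity": int(m["sev"]), "mnemonic": m["mnemonic"],
                "text": m["text"]}
    # No %-header: treated here as debug output, which shows at level 7.
    return {"ts": None, "facility": None, "severity": 7,
            "mnemonic": None, "text": line}


def parse_log(text):
    """Parse every non-blank line of a captured log."""
    return [msg for msg in map(parse_line, text.splitlines()) if msg]


def visible_at(messages, level):
    """Messages a destination set to `level` would receive (severity <= level)."""
    if isinstance(level, str):
        level = LEVEL_BY_NAME[level]
    return [m for m in messages if m["severity"] <= level]


def summarize(messages):
    """Count messages per FACILITY-SEVERITY-MNEMONIC for correlation."""
    counts = Counter()
    for m in messages:
        if m["facility"]:
            key = f'{m["facility"]}-{m["severity"]}-{m["mnemonic"]}'
        else:
            key = "debug"
        counts[key] += 1
    return counts


if __name__ == "__main__":
    msgs = parse_log(SAMPLE)
    for name in ("errors", "notifications", "debugging"):
        print(name, len(visible_at(msgs, name)))
    print(summarize(msgs).most_common())
```
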


Cisco Debug Commands 


Because of the impact on the processor and memory, only use debug commands for troubleshooting 
traffic flow or misconfigurations, not for normal daily operations. Ideally, debug commands are 
helpful during periods when there is not much traffic and not many users. 


You must be in privileged exec (enable) mode to use debug, and debug requires process switching. Some 
debug commands force you to turn off fast switching entirely to receive debug output. As with logging, 
debug output and system error messages are sent to the console by default. What this really means is 
that every character generates a processor interrupt, which in turn is a significant performance hit. As 
mentioned in the logging section, however, you can issue a no logging console command and view 
the debug output through a telnet session. Use terminal monitor (term mon) as necessary to view 
debug over a vty session (line vty 0 4). You can even spool the output to a syslog server with the 
command logging [ip-address]. 


The following examples offer some practical suggestions for using debug as a troubleshooting tool. 
One that I don't plan to capture for you is debug all. Do not issue this command in a production 
environment. The impact of a single debug statement has the potential to bring a router down, so 
you can imagine the impact of debug all. By the way, u all, short for undebug all or no debug all, 
is how to turn it off—that is, if you haven't rendered the router unusable. 


Make use of your history buffer with debug. Type undebug all, turn on the required debug 
parameters, for example, and use the Up Arrow key to turn it off. How useful this is really depends 
on how many commands you input after typing undebug all. Whatever the method, make sure you 
turn debug off after troubleshooting. In addition, if the particular debug command forced you to 
turn off fast switching with the no ip route-cache command, I highly recommend you turn it on 
again. 


As you see in Example 2-30, service time stamps are available for logging and debugging. Another 
tool that makes them a lot more useful is the Network Time Protocol (NTP). It is free, so why not use 
it? Go to Cisco.com and search for "NTP" to enable and troubleshoot NTP. 


Example 2-30. Practical debug Using Time Stamps 


r1(config)#service timestamps ? 
  debug  Timestamp debug messages 
  log    Timestamp log messages 
  <cr> 
r1(config)#service timestamps debug ? 
  datetime  Timestamp with date and time 
  uptime    Timestamp with system uptime 
  <cr> 
r1(config)#service timestamps debug datetime ? 
  localtime      Use local time zone for timestamps 
  msec           Include milliseconds in timestamp 
  show-timezone  Add time zone information to timestamp 
  <cr> 
r1(config)#service timestamps debug uptime ? 
  <cr> 


Knowing and minimizing the impact of troubleshooting tools on device performance should be part of 
your plan. Good tools require care and feeding, so remember to balance the impact of what you 
need to capture with device overhead. Debug is a good example. When debugging packets, for 
instance, use an ACL to limit the output scope. (See Example 2-31.) Caution: Always remember to 
turn the tool off with the command undebug all, no debug all, or just type no in front of the 
specific debug command you want to quit. Always practice safe debug. Cisco helps you out on this 
one in that debug commands are not saved as part of the NVRAM or startup configuration. You can 
do anything you want on a test network, but a production network is another story. See the Debug 
Command Reference in Cisco.com documentation for more assistance with debug. You will get very 
familiar with specific debug output in your own troubleshooting scenarios and as the need arises in 
the Trouble Tickets to come in this book. 


Example 2-31. Using an ACL with debug 


r1(config)#ip access-list extended limitdebug 
r1(config-ext-nacl)#permit tcp host 192.168.1.11 gt 1023 host 192.168.3.5 eq www 
r1(config-ext-nacl)#permit tcp host 192.168.3.5 eq www host 192.168.1.11 gt 1023 
r1(config-ext-nacl)#exit 
r1(config)#interface s0 
r1(config-if)#no ip route-cache 
r1(config-if)#end 
r1#term mon 
r1#debug ip packet limitdebug detail 


Notice in Example 2-31 that the named ACL limitdebug is created, fast switching is disabled on the 
interface, and the ACL is applied to only the debug output according to the permit statements 
specified. This not only limits the debug overhead activity on the box, but also limits the extra lines 
you need to search through to find the problem. 


The next couple of examples illustrate some common uses for debug. You will have an opportunity to 
use debug to debug your own problems in the upcoming Trouble Tickets and in your real-world 
networks. Example 2-32 captures ICMP traffic. 


Example 2-32. debug ip icmp 


r2#debug ip icmp 
ICMP packet debugging is on 
r2#ping 192.168.1.1 

Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms 
r2# 
12:53:23: ICMP: echo reply rcvd, src 192.168.1.1, dst 192.168.2.2 
12:53:23: ICMP: echo reply rcvd, src 192.168.1.1, dst 192.168.2.2 
12:53:23: ICMP: echo reply rcvd, src 192.168.1.1, dst 192.168.2.2 
12:53:23: ICMP: echo reply rcvd, src 192.168.1.1, dst 192.168.2.2 
12:53:23: ICMP: echo reply rcvd, src 192.168.1.1, dst 192.168.2.2 
r2#undebug all 
All possible debugging has been turned off 


Example 2-32 illustrates the five ICMP Echo Replies received from 192.168.1.1, whereas Example 
2-33 shows the output of debug ip packet. Packet anything means more detail and stress on the 
device; therefore, you must weigh the overhead of the command against your troubleshooting needs. 


Example 2-33. debug ip packet 


r2#debug ip packet 
IP packet debugging is on 
r2#ping 192.168.1.1 

Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/40 ms 
r2# 
12:54:13: IP: s=192.168.2.2 (local), d=192.168.1.1 (Serial0), len 100, sending 
12:54:13: IP: s=192.168.1.1 (Serial0), d=192.168.2.2 (Serial0), len 100, rcvd 3 
12:54:13: IP: s=192.168.2.2 (local), d=192.168.1.1 (Serial0), len 100, sending 
12:54:13: IP: s=192.168.1.1 (Serial0), d=192.168.2.2 (Serial0), len 100, rcvd 3 
12:54:13: IP: s=192.168.2.2 (local), d=192.168.1.1 (Serial0), len 100, sending 
12:54:13: IP: s=192.168.1.1 (Serial0), d=192.168.2.2 (Serial0), len 100, rcvd 3 


Although Example 2-34 is even more stressful, it provides detailed output. First I issue a show 
debug to verify that no debug commands are currently running. Then I issue the debug ip packet 
detail command. Note the shaded area showing the Echo Reply ICMP code as 0 and the Echo ICMP 
code as 8. Table 2-8 describes the various ICMP codes. 


NOTE 


Search Cisco.com for "debug command reference" for more detail. 


Example 2-34. debug ip packet detail 


r2#show debug 
r2#debug ip packet detail 
IP packet debugging is on (detailed) 
r2#ping 192.168.1.1 

Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/41/44 ms 
r2# 
03:13:46: IP: s=192.168.2.2 (local), d=192.168.1.1 (Serial0), len 100, sending 
03:13:46:     ICMP type=8, code=0 
03:13:46: IP: s=192.168.1.1 (Serial0), d=192.168.2.2 (Serial0), len 100, rcvd 3 
03:13:46:     ICMP type=0, code=0 
03:13:46: IP: s=192.168.2.2 (local), d=192.168.1.1 (Serial0), len 100, sending 
03:13:46:     ICMP type=8, code=0 
03:13:46: IP: s=192.168.1.1 (Serial0), d=192.168.2.2 (Serial0), len 100, rcvd 3 
03:13:46:     ICMP type=0, code=0 
03:13:52: IP: s=192.168.3.1 (local), d=255.255.255.255 (Ethernet0), len 72, 
  sending broad/multicast 
03:13:52:     UDP src=520, dst=520 
03:13:52: IP: s=192.168.2.2 (local), d=255.255.255.255 (Serial0), len 52, 
  sending broad/multicast 
03:13:52:     UDP src=520, dst=520 
r2#undebug all 


Table 2-8. ICMP Type Values and Codes 


Value | Code 
0 | Echo Reply 
3 | Destination unreachable 
    Code 0 - net unreachable 
    Code 1 - host unreachable 
    Code 2 - protocol unreachable 
    Code 3 - port unreachable 
    Code 4 - fragmentation needed and DF set 
    Code 5 - source route failed 
4 | Source Quench 
5 | Redirect 
6 | Alternate-address 
8 | Echo Request 
9 | Router-advertisement 
10 | Router-solicitation 
11 | Time-exceeded 
    Code 0 - TTL exceeded in transit 
    Code 1 - fragment reassembly time exceeded 
12 | Parameter-problem 
13 | Timestamp-request 
14 | Timestamp-reply 
15 | Information-request 
16 | Information-reply 
17 | Mask-request 
18 | Mask-reply 
31 | Conversion-error 
32 | Mobile-redirect 
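
To show how the type and code values of Table 2-8 map onto the detail lines of Example 2-34, the following added Python example (not code from the book or from Cisco) pairs each IP line of debug ip packet detail output with the ICMP or UDP line that follows it and names the ICMP message. The function names are illustrative, the parser assumes the line layout seen in Example 2-34, and the capture is constructed, including one port-unreachable reply that the book's ping did not produce.

```python
import re
from collections import defaultdict

# ICMP type values and the per-type codes, as listed in Table 2-8.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination unreachable", 4: "Source Quench",
    5: "Redirect", 6: "Alternate-address", 8: "Echo Request",
    9: "Router-advertisement", 10: "Router-solicitation",
    11: "Time-exceeded", 12: "Parameter-problem", 13: "Timestamp-request",
    14: "Timestamp-reply", 15: "Information-request",
    16: "Information-reply", 17: "Mask-request", 18: "Mask-reply",
    31: "Conversion-error", 32: "Mobile-redirect",
}
ICMP_CODES = {
    3: {0: "net unreachable", 1: "host unreachable",
        2: "protocol unreachable", 3: "port unreachable",
        4: "fragmentation needed and DF set", 5: "source route failed"},
    11: {0: "TTL exceeded in transit",
         1: "fragment reassembly time exceeded"},
}

# "<ts>: IP: s=<src> (<if>), d=<dst> (<if>), len <n>, <action>"
IP_RE = re.compile(
    r"^(?P<ts>.+?): IP: s=(?P<src>[\d.]+) \((?P<src_if>[^)]+)\), "
    r"d=(?P<dst>[\d.]+)(?: \((?P<dst_if>[^)]+)\))?, "
    r"len (?P<len>\d+), (?P<action>.+)$"
)
# "<ts>:     ICMP type=8, code=0" or "<ts>:     UDP src=520, dst=520"
L4_RE = re.compile(r"^.+?:\s+(?P<proto>ICMP|UDP|TCP) (?P<fields>.+)$")

# Constructed capture in the format of Example 2-34.
SAMPLE = """\
03:13:46: IP: s=192.168.2.2 (local), d=192.168.1.1 (Serial0), len 100, sending
03:13:46:     ICMP type=8, code=0
03:13:46: IP: s=192.168.1.1 (Serial0), d=192.168.2.2 (Serial0), len 100, rcvd 3
03:13:46:     ICMP type=0, code=0
03:13:48: IP: s=192.168.2.2 (local), d=192.168.1.1 (Serial0), len 100, sending
03:13:48:     ICMP type=8, code=0
03:13:50: IP: s=192.168.1.1 (Serial0), d=192.168.2.2 (Serial0), len 56, rcvd 3
03:13:50:     ICMP type=3, code=3
03:13:52: IP: s=192.168.2.2 (local), d=255.255.255.255 (Serial0), len 52, sending broad/multicast
03:13:52:     UDP src=520, dst=520
"""


def describe_icmp(icmp_type, code):
    """Name an ICMP type, adding the code text where Table 2-8 lists one."""
    name = ICMP_TYPES.get(icmp_type, f"type {icmp_type}")
    sub = ICMP_CODES.get(icmp_type, {}).get(code)
    return f"{name} ({sub})" if sub else name


def parse_debug(text):
    """Return one dict per IP line, merged with its following detail line."""
    packets = []
    for raw in text.splitlines():
        line = raw.strip()
        ip = IP_RE.match(line)
        if ip:
            pkt = ip.groupdict()
            pkt["len"] = int(pkt["len"])
            pkt.update(proto=None, fields={}, summary=None)
            packets.append(pkt)
            continue
        l4 = L4_RE.match(line)
        if l4 and packets and packets[-1]["proto"] is None:
            pkt = packets[-1]
            pkt["proto"] = l4["proto"]
            pkt["fields"] = {k: int(v) for k, v in
                             re.findall(r"(\w+)=(\d+)", l4["fields"])}
            if pkt["proto"] == "ICMP":
                pkt["summary"] = describe_icmp(pkt["fields"].get("type"),
                                               pkt["fields"].get("code"))
    return packets


def echo_balance(packets):
    """Per remote peer: Echo Requests sent versus Echo Replies received."""
    balance = defaultdict(lambda: {"sent": 0, "replies": 0})
    for p in packets:
        if p["proto"] != "ICMP":
            continue
        icmp_type = p["fields"].get("type")
        if icmp_type == 8 and p["action"].startswith("sending"):
            balance[p["dst"]]["sent"] += 1
        elif icmp_type == 0 and p["action"].startswith("rcvd"):
            balance[p["src"]]["replies"] += 1
    return dict(balance)


if __name__ == "__main__":
    for p in parse_debug(SAMPLE):
        print(p["ts"], p["src"], "->", p["dst"], p["proto"], p["summary"])
    print(echo_balance(parse_debug(SAMPLE)))
```
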


The primary focus of this chapter is on tools innate to the Cisco IOS, such as show, ping, trace, log, 
and debug. The generic output of each has been covered so far, but I will see that you explore more 
specifics relating to various protocols and technologies throughout this book. Because other tools are 
also very valuable in testing and managing the network, the discussion now briefly turns to 
hardware tools, network monitors, protocol analyzers, network management systems, simulation 
and modeling tools, desktop tools, and other resources. Sometimes one tool is not enough, or you 
may have access to one tool and not the other. First, however, I want to make sure you are familiar 
with CCO. 


Cisco Resources 


Cisco enables you to be proactive and reactive when it comes to troubleshooting. Some of their 
resources to prevent problems include Cisco Connection Online (CCO), the Documentation CD- 
ROM, the Cisco Networking Products Marketplace, and Cisco Technical Assistance Center (TAC). 


Cisco Connection Online (CCO) 


CCO (www.cisco.com) is a global intranet accessible over the Internet. It contains such links as 
Solutions for Your Network; Ordering; Training, Events, and Seminars; Corporate News and 
Information; Products and Technologies; Service and Support; and Partners and Resellers. 
Products and Technologies is a good place to start for troubleshooting. These pages deliver up- 
to-date technical information that is continually updated by Cisco TAC engineers. Figure 2-3 
shows the CCO home page. 


Figure 2-3. Cisco Connection Online 

The CCO infrastructure is secured behind a firewall that includes Secure Transport Architecture 
(STA) providing a secure transaction pipe between the web servers on the public Internet and 
Cisco's internal systems. CCO is available in English, Chinese, Danish, Dutch, Finnish, French, 
German, Italian, Japanese, Korean, Norwegian, Portuguese, Russian, Spanish, and Swedish. 
However, the initial home page is in English; from the home page, you make a selection to view 
the appropriate translated content. 


Cisco provides guest access to company and product information for the general public and 
registered access for customers that have purchased equipment, support contracts, or who are 
sponsored by a Cisco-authorized partner. Registration requires a corporate number. Registered 
users who log in are taken to the main server in San Jose, California. CCO is geographically 
dispersed for response time. Other servers include Australia, China, France, Hong Kong, Japan, 
Netherlands, South Korea, and the United Kingdom. Cisco support centers include San Jose, 
California; Raleigh, North Carolina; Brussels, Belgium; and Sydney, Australia. 


NOTE 


The book does not differentiate between registered access and guest access; it just 
assumes you are logged in with your CCO account, which you can do from Cisco.com. A 
registered CCO account is a critical tool for your tool bag. 


CCO is in HTML format, which means you can easily return to documents you have looked at 
before using bookmarks. The history facility enables you to keep track of what you have looked 
at in the past 60 days. CCO is available on the web or via CD-ROM. It is the best place to get 
current documentation for technology, products, configuration, commands, and troubleshooting. 
It includes a search engine (now powered by Google). 


Cisco Documentation CD-ROM 


The portable version of CCO, the Cisco Documentation CD-ROM (Doc CD), is available to you in 
many ways, including the following: 


• Registered Cisco direct customers can order Cisco product documentation from the 
Networking Products MarketPlace: 

www.cisco.com/cgi-bin/order/order_root.pl 

• Registered Cisco.com users can order the Doc CD through the online Subscription Store: 

www.cisco.com/go/subscription 

• Nonregistered Cisco.com users can order documentation through a local account 
representative by calling Cisco corporate headquarters (California, USA) at 408-526-7208 
or, elsewhere in North America, by calling 800-553-NETS (6387). 

I prefer to go to www.cisco.com/univercd/home/home.htm for the online version that is updated 
more frequently. The following are some examples of what is contained on the Cisco Doc CD: 

• IOS release notes, configuration guides, command references, command summaries 

• Debug command reference and system error messages 

• Cisco MIB user quick reference and access services 

• Quick configuration guide 

• Cisco product catalog 

• Router and hub installation and configuration guides 

• Switch installation and configuration guides and MIB reference guides 

• Client/server software installation guides 

• Configuration notes for memory upgrades, network interface cards (NICs), rack-mount kits, 
and other field-upgradeable products 


I particularly like the Technology section, which includes selections such as Technology, Design, 
Installation, Troubleshooting, Case Studies, and a Terms and Acronyms page. The 
www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/index.htm URL is most relevant to support 
topics; it covers troubleshooting anything. Search for "internetwork troubleshooting guide." 


NOTE 


Those of you going for a hands-on Cisco test, such as CCIE (Expert) or CCSI 
(Instructor), must familiarize yourself with the Doc CD. Just like in many real 
troubleshooting environments, while under great pressure and trying to conserve time, 
it isn't in your best interest to wait for the search engine to find what you want if you 
don't even know the categories available. 


The Cisco site contains many other helpful web pages with which you should be familiar, from 
both a practical and test standpoint. Take a look at a few of them here, but I still highly 
recommend that you go get a CCO account and explore what has happened since this book was 
published. For example, Cisco considers the Doc CD so important that a link is now available 
from their main Cisco.com site. 


CCO Marketplace 


CCO Marketplace is a global e-commerce portal for online ordering and management to give you 
24-hour by 7-day online purchasing, 365 days a year. Explore the Networking Products 
Marketplace at www.cisco.com/go/marketplace, where you can place and manage orders for 
products and services. Go to the Cisco Merchandise store at Land's End to order shirts, hats, 
bags, jackets, and other apparel. Land's End is even making use of Cisco technology with their 
click-to-talk customer-service feature. Shop at the online Gift Store for Cisco merchandise. 
Check out the Learning Store for educational materials, and the Subscription Store to keep up on 
sales and marketing materials or to get hard copies of much of what is on the web. Submit 
orders electronically or fax your orders to Cisco. Marketplace includes status, pricing, 
configuration, service order, and service parts agents. 


The Marketplace Dynamic Configuration Tool is where you can view hardware configurable 
models by product family. You can buy from anyone, and they will sell you whatever you tell 
them. However, how do you know you have all the parts and whether they all work together? If 
you configure it here, you know it works. Check out CCO Ordering information for more details. 


Technical Assistance Center (TAC) 


The TAC (www.cisco.com/tac) contains a wealth of technical information, tools, and resources to 
assist you with solving your own problem or properly escalating it to Cisco. Glance through the 
major sections in Figure 2-4, which include Hardware Support, Software Support, and 
Technology Support. Explore the Tools & Utilities section, the Software Center, check out What's 
Hot in TAC, and contact TAC all from the newly remodeled TAC pages. 


Figure 2-4. Cisco TAC 

Hardware, Software, and Technology Support 


The Hardware Support, Software Support, and Technology Support sections cover routers, 
switches, and security. Quickly troubleshoot crashes, memory and CPU issues, find specific error 
messages, and recover from a lost password all from the Hardware Support pages. The Software 
Support pages offer support for the IOS, CiscoWorks, and CallManager. Get easy access to the 
Software Center and popular download utilities. 


The CCO Software Center conveniently gives you access to products, downloads, utilities, and 
general information, such as revision levels and major upgrades to the IOS. Get your questions 
answered about protocol and feature sets. Learn more about naming conventions. For example, 
a filename has three parts, separated by dashes, such as xxxx-yyyy-ww, where 

• xxxx - Platform 

www.cisco.com/warp/customer/432/platform.html 

• yyyy - Features 

www.cisco.com/warp/customer/432/features.html 

• ww - Format (where it executes from if compressed) 

www.cisco.com/warp/customer/432/format.html 


Earlier I discussed ED, LD, and GD and how I recommend GD for production deployment and the 
others for new features not available yet in GD. Try out the IOS Upgrade Planner. It has gone 
from a simple FTP service to deliver a fix to a customer to a wonderfully organized tool for CCO 
users. The Hardware-Software Compatibility Matrix, the Software Image Naming Conventions, 
and the Cisco IOS Roadmap all are worthy of your exploration. 


Technology Support offers assistance with routing protocol troubleshooting, virtual private 
networks (VPNs), ACLs, VLANs, IPSec, and so on. 


Tools and Utilities 


TAC provides many installation, configuration, assessment, troubleshooting, and case 
management tools to solve. They are better categorized than ever, as illustrated in Figure 2-5, 
and you can reach many via their own links. 


Figure 2-5. TAC Tools Link 

Available installation tools include memory calculators and firmware compatibility tools, an 
SNMP object navigator, and a discussion forum for networking professionals. An Open Source 
Initiative Community releases their own tools, scripts, and utilities. You can look up 
configuration guidelines, create customized command reference documents, sign up to receive 
automatic product field notices, and request software and hardware upgrades and 
documentation. Use the IOS Roadmap, Upgrade Planner, Software Advisor, and Software Center 
to obtain the right software. Attend online TAC seminars and download the Cisco TFTP server. In 
addition to some of the installation tools, the configuration tools offer an IP subnet calculator. 


Assess your network and find out whether it is properly designed for high-availability telephony 
or search all the TAC knowledgebases for technical issues. The troubleshooting tools are most 
relevant to this book (see Figure 2-6). 


Figure 2-6. TAC Troubleshooting Tools 

Many of the tools speak for themselves, and others described here were discussed on 
previous pages. You can decode error messages, receive bug reports and field notices 
automatically, and receive instant analysis of command output entered into the Output 
Interpreter. You can automatically decode routing information fields (RIFs) and stack traces, and 
interactively diagnose common network problems with the Troubleshooting Assistant and 
Wireless Troubleshooting Center. 


The Troubleshooting Assistant takes the hold-my-hand approach to troubleshooting. It prompts 
you for questions to help narrow down the problem. You can narrow down problems to 
protocols, platforms, hardware, configuration, performance, and so on. The Troubleshooting 
Assistant takes your input and scores the likely solutions. A score of 100 is the highest, so 90 is 
very likely a solution to the problem (assuming you put in the right criteria). 


Explore the Networking Professionals Connection or open discussion forums. This is the Cisco- 
approved place to ask for advice. You can ask who has done or used what and what weird things 
they have encountered. You can look for customer experiences in the open forum. CCIEs lurk 
here (mostly those who work for Cisco). Join in on Tech Talks, Ask the Expert, and sign up for 
free seminars. 


The Advanced Search Tool enables you to search all file types or narrow them down to case 
studies, configuration examples, field notices, password recovery, Q&A, security advisors, tech 
notes, white papers, and more. 


NOTE 


Because websites change daily, this section is very hard to keep current in terms of 
putting it in print. However, the point is that Cisco does a great job of proactively 
providing what you need to solve your own problems. It is up to you to use the tools 
available. Start at Cisco.com, log in with your CCO account, and go from there. 


Contacting TAC 


The TAC case management toolkit is available from many pages, including the Cisco home page, 
and enables you to directly access the TAC. Use it to open, query, or update a case, and have 
TAC proactively notify you regarding your open cases. Select this and the RMA/Service Order 
Tools right off the TAC site. Most people rarely pick up the phone to call the TAC unless they 
have a dead box. On the web, you have a case history and so do they; your communication is 
not just verbal, and it works rather well. 


Gather your facts: your maintenance contract information, the equipment product and serial 
number, any problem details, and so on. Use the show tech-support command on a normal 
box and then on a problem box. Use the show tech-support command on the problem box so 
that you are ready for anything the Cisco Support Engineer (CSE) may ask. You have to know 
what works and what normal performance levels are so that you can identify and fix problems. 


Open a case at a specific priority level and note the case number. Use the TAC case management 
toolkit to query and update it. Table 2-9 lists Cisco support priority levels. E-mail is wonderful, 
but there must be some reason companies give their support people those cell phones. Think 
about that when you have a high-priority problem. If everyone is down and out, you better place 
a call. 


Table 2-9. Cisco Support Priority Levels 


Priority | Severity 
1 | Production network down 
2 | Production network severely degraded 
3 | Network performance degraded 
4 | Information needed on product 


NOTE 


Take the time to work with the case management toolkit because an online record for 
each case is a valuable tool for you and the CSE. Contact TAC via phone, fax, e-mail 
(tac@cisco.com), or via the web (www.cisco.com/tac). Go to TAC and print out the 
phone numbers for your location so that you have them handy. 


I have stressed repeatedly that Cisco wants you to help yourself with the tools they give you 
(and new and improved tools are coming online all the time). Because no one is perfect and 
because many commands and tools are undocumented or did not make it in the product in time 
for release, a valid CCO account will prove very beneficial to you when configuring, monitoring, 
and debugging your networks. 


Project DOTU 


What about the undocumented stuff that people tell you about? Where can you get more 
information on that? For this, there is a Project DOTU: Document the Undocumented at 
www.boerland.com/dotu (see Figure 2-7). Project DOTU is a viable option; however, I am not by 
any means suggesting that you try all the undocumented commands in a production network. 
Take a look at the Boerland site and also go to Yahoo! or Google sometime to search for "cisco 
undocumented." 


Figure 2-7. Project DOTU 

As an example, go to one of your routers and try sh int switching to see switching on an 
interface-by-interface, protocol-by-protocol basis. Example 2-35 shows the output of this on one 
of my 2500s in the test lab. 


Example 2-35. sh int switching Output 


r2>sh int switching 


Ethernet0 r2 e0 to HostC Win98Dell 


Throttle count 


Drops RP 

SPD Flushes Fast 
SPD Aggress Fast 
SPD Priority Inputs 
Protocol Path 
Other Process 


Cache misses 


Fast 


Auton/SSE 


IP Process 


Cache misses 


Fast 


Auton/SSE 


ARP Process 


Cache misses 


Fast 


Auton/SSE 


CDP Process 


Cache misses 


Fast 


Auton/SSE 


Serial0 r2 s0 DCE to r1 s0 DTE 


Throttle count 


Drops RP 
SPD Flushes Fast 
SPD Aggress Fast 
SPD: Priority Inputs 


SP 


SSE 


Drops 


Chars In 


12798 


SP 


SSE 


Drops 


Pkts Out 


2296 


836 


383 


Chars Out 


137760 


73884 


120 


114134 


     Protocol       Path    Pkts In   Chars In   Pkts Out  Chars Out 
        Other    Process          0          0       2296      50512 
            Cache misses          0 
                    Fast          0          0          0          0 
               Auton/SSE          0          0          0          0 
           IP    Process        886      51823        880      51396 
            Cache misses          0 
                    Fast          0          0          0          0 
               Auton/SSE          0          0          0          0 
          CDP    Process        383     106474        383     106474 
            Cache misses          0 
                    Fast          0          0          0          0 
               Auton/SSE          0          0          0          0 


Interface Seriall is disabled 


NOTE 


Obviously, some of these commands are probably undocumented for a reason; so if 
you insist, make sure your job is not on the line. By the way, this is what test labs are 
for. 


The following section moves the focus away from Cisco-specific commands and websites for 
troubleshooting and looks at network management as a tool. 


Network Management 


The goals of this section are to introduce you to the International Organization for 
Standardization (ISO) functional areas of network management and to briefly explore such tools 
as CiscoWorks and WANDL (Netsys Baseliner). 


ISO Functional Areas of Network Management 


The ISO has five key functional areas of network management, as follows: 


• Fault management is very applicable to troubleshooting. A fault is defined as any 
abnormal event. The fault may be indicated by component failures that generate lots of 
errors. Report faults as they occur. Where did it occur? Can you isolate the problem and 
minimize the impact on others? Is the fault an abnormal event; is there an excessive 
number of errors? Should you repair or replace? Must you upgrade hardware, upgrade 
software (IOS), or configure for performance to fix the problem? 


• Accounting management measures user, group, or device utilization and regulates 
resources and quotas appropriately. 


• Configuration and name management help you account for such items as configuration 
files, changes in response to performance evaluations, product and IOS upgrades, and fault 
recovery. 


• Performance management is about measuring and making sure acceptable levels of 
throughput, response time, and utilization are maintained. 


• Security management relates to controlling access according to security standards and 
policies so that the network is not sabotaged. It also assists in making sensitive information 
accessible only to authorized parties. 


Network management can be proactive or reactive. As a support person, you must determine a 
good balance of monitoring devices so as not to interfere with the main function of the device. For 
example, the main purpose of a router is to route packets. Too much monitoring and polling 
takes precious resources that may not be available. On the other hand, network management 
programs such as CiscoWorks, Cisco Info Center (CIC), and HP OpenView can simplify 
configuration, monitoring, and troubleshooting. 


CiscoWorks 


CiscoWorks, the Cisco network management system (NMS), delivers device monitoring and 
management products as well as configuration and fault management tools. Products such as HP 
OpenView and Spectrum are competitor products. 


CiscoWorks includes several web-based solutions targeted at configuring, monitoring, and 
troubleshooting LAN and WAN environments. Go to a search engine such as Google and search 
for "ciscoworks," which should bring you to Cisco.com to help you understand, monitor, and 
react to problems. 


The LAN Management Solution (LMS) includes the nGenius Real Time Monitor, Campus Manager, 
Device Fault Manager, Content Flow Monitor, CiscoView, and Resource Manager Essentials. LMS 
is part of the CiscoWorks family of products for fault and configuration management and 
troubleshooting of campus LANs and is a follow-on to the CiscoWorks for Switched Internetworks 
(CWSI) bundle. 


nGenius Real Time Monitor is web-enabled and delivers Remote Monitoring (RMON) information 
from RMON-enabled Catalyst switches, internal modules, and external probes. nGenius includes 
traffic director and packet analyzer applications. Use it to collect RMON statistics, analyze traffic 
patterns, and report long-term trend analysis. You can set thresholds on ports for errors, 
broadcasts, collisions, and so forth; monitor proactive alarms before they affect users. What a 
way to keep tabs on broadcast traffic! A good rule of thumb is that broadcast traffic should not 
be more than 20 percent of the total traffic per segment. Use nGenius Packet Analyzer to 
troubleshoot protocol-related issues. The product runs on Microsoft, SunOS, Solaris, HP/UX, and 
IBM-AIX. 


Campus Manager includes Layer 2 tools for configuring, managing, and understanding the 
infrastructure. Export the maps to Visio, VLAN, LAN Emulation (LANE), and ATM services and 
assign switch ports. Autodiscovery and topology mapping enable you to get link and device 
status based on SNMP polling. Diagnostic tools allow automatic location and correlation for user 
information based on MAC, IP, login name, and physical location. Configure, monitor, and 
manage VLANs the drag-and-drop way and compile statistics with the VLAN Director. Figure 2-8 
shows a list of VLANs. 


Figure 2-8. CiscoWorks VLAN Management with Campus Manager Topology Services


Device Fault Manager (DFM) gives you real-time, problem-focused fault analysis. Intelligent
traps are sent to e-mail/pager gateways or displayed in the alarm window.

Content Flow Monitor offers load balancing and performance monitoring. 

CiscoView is a GUI for monitoring all Cisco devices, including on-demand access to CCO for new
and updated device support (see Figure 2-9). It includes graphical device management,
including front and back panel displays; performance management through utilization statistics,
frames transmitted and received, errors, and so on; and you can change configurations (for
example, routes, VLANs, and duplex settings).


Figure 2-9. CiscoView


Resource Manager Essentials (RME) streamlines inventory, device configuration, and software
updates. It comprises applications such as Inventory Manager, Change Audit, Device
Configuration Manager, Software Image Manager, Availability Manager, Syslog Analyzer, and 
Cisco Management Connection. RME is bundled with CiscoWorks and is also available as a 
standalone product. 


RME integrates with products such as HP OpenView, CIC, IBM NetView, and SunNet Manager to 
solve fault, configuration, and performance management issues. It even gives you a picture of 
the device, which is wonderful for basic connectivity status (see Figure 2-10). 


Figure 2-10. Resource Manager Essentials (RME)


The Software Image Manager goes out to Cisco's website to analyze and run a cron job for when
you want to schedule the upgrade. It gives the best match, which obviously speeds up software 
deployment. This tool provides change control for software and configurations. It actually 
accounts for that tech who said they did nothing. 


NOTE 


Campus Bundle for AIX/HP-UX is similar to the LMS available for Windows NT and the
Solaris operating systems. It includes Traffic Director, Campus Manager, RME, and 
CiscoView. 


The Routed WAN Management Solution includes nGenius Real Time Monitor, Access Control List 
Manager, Internetwork Performance Monitor (IPM), CiscoView, and RME. IPM empowers network
engineers to proactively troubleshoot response time and availability issues. IPM's server
component runs on Sun Solaris and Windows NT/2000. 


The Service Management Solution includes Service Level Manager and CiscoView. You can define 
and monitor service level agreements (SLAs), specifying traffic types and thresholds between 
enterprise networks or internal or external endpoints. Software agents provide job management 
and collection. 


CiscoWorks QoS Policy Manager (QPM) includes performance protection for voice, video, and 
data applications through policies and design guide recommendations. 


The VPN/Security Management Solution includes a VPN Monitor, RME, CiscoView, and Cisco
Secure Policy Manager Lite. This solution is for customers who require remote access and
site-to-site VPNs based on IPSec, Layer 2 Tunneling Protocol (L2TP), and Point-to-Point Tunneling
Protocol (PPTP) or deployment and management of perimeter security using the Cisco PIX
firewall.


CiscoWorks has other advanced applications. The Device Fault Manager (DFM) is part of the LAN
solution or an add-on for problem-focused fault analysis. Intelligent traps are sent to
e-mail/pager gateways or displayed in the alarm window. The User Registration Tool allows for
dynamic assignment of VLANs based on user login. CiscoWorks Voice Manager (CVM) is a voice 
management and reporting solution. It provides advanced capabilities to configure and provision 
voice ports and create and modify dial plans for Voice over IP, Frame Relay, and ATM. The ACL 
Manager is an add-on to RME, but a component of the Routed WAN Management bundle. It 
offers a web interface to manage access lists. Search for "ciscoworks" at Cisco.com to explore 
the other applications and the up-to-date bundles. 


Netsys Baseliner (Now WANDL) 


Cisco acquired Netsys and announced an end-of-life plan in November 2000. Cisco is now 
partnering with WANDL for the following Netsys platforms: Sun Solaris, HP-UX, AIX, and 
Windows with the server-side Cisco Netsys-Agent (N-Agent). This opens the product up to other 
NMSs and operating systems via application programming interfaces (APIs). Search for "wandl"
at Cisco.com for more details or go directly to www.wandl.com.


Netsys Baseliner (now WANDL) is a simulation and modeling tool that takes the
what-you-see-before-you-get-it (WYSBYGI) approach. It is a what-if tool to test changes and performance
issues before you commit to any design changes. It is great for initial network design, analysis 
for reconfiguration or redesign, and stress-testing situations. The output measures throughput, 
response times, utilization, packet loss, and so on. Even though Netsys is another company's 
product now, it is still a great product (and is still covered on the exam). 


NOTE 


Regardless of the tool you choose, always remember to display, debug, and test 
configurations offline before you put them into your live network. Analyze what-if
scenarios to determine what happens prior to implementing changes or to proactively 
prepare yourself for a failure so that you can react appropriately. 


Many times after using IOS commands, CCO, and NMSs, you still need more tools. The following
section covers some hardware tools and media testers that may be of help. 


Hardware Tools and Media Testers 


Network media test equipment is available to install and verify new cabling systems as well as to 
diagnose and maintain the existing physical infrastructure. At the lower end of the spectrum, 
there are breakout boxes, cable testers (scanners), volt-ohm meters (VOMs), and digital volt
ohm meters (DVOMs). At the higher end of the spectrum, there are time domain reflectometers 
(TDRs) and optical TDRs (OTDRs). Go to websites such as www.flukenetworks.com, 
www.blackbox.com, and www.microtest.com for more information. 


• Breakout boxes check signals and pinouts for RS-232 serial devices.

• VOMs and DVOMs test continuity, voltages, current, resistance, and physical connectivity.

• Cable testers and scanners, although at the lower end of the troubleshooting spectrum,
are good in continuity situations, whether it be installation, maintenance, or support. A
cable tester may help you determine whether the port is actually bad on the router or
switch, for instance. Many handheld testers today display helpful address and protocol
statistics as well. Figure 2-11 shows the Fluke handheld device.


Figure 2-11. Fluke Handheld Tester 


• TDRs are at the higher end of the spectrum and are good for cable-break issues. They test for
consistency in the impedance over the length of the cable. An electronic pulse is sent to
quickly detect shorts, breaks, and throughput issues. You used to really need TDRs for coax
cable, but cable scanners work just fine today for twisted-pair cable.


• An OTDR is a time domain reflectometer for fiber. It uses optical pulses to check signal
loss. A good flashlight, believe it or not, will get you most of the problems. Figure 2-12
shows a fiber tester. TDR products are great, but are normally very expensive. If you are
the wiring contractor, however, this is a must for your tool bag.


Figure 2-12. OmniFiber Tester 


Network Monitors 


Network monitors assist with baselining. They include software to look at variations from the 
normal performance with such items as packet loss, bandwidth, collisions, utilization, cyclic
redundancy check (CRC) errors, carrier transitions, host reachability, and so on. Network
monitors can continuously track packets at the higher layers using SNMP and keepalive activity.
They can collect information from remote sites, send it back to headquarters, and warn
accordingly. Many include SNMP and RMON capabilities. The bottom line with SNMP is that it is
simple: get request and get response. If you don't have an easy-to-read interface, however,
SNMP is anything but simple.


Protocol Analyzers 


Protocol analyzers generate packets and provide real-time data to interactively capture traffic 
with a layered approach. After using an analyzer, you will see that the OSI model is not just
theoretical. There is a capture and display mode for the individual packet flow. You can generate
and edit frames for capacity planning and load testing of devices such as switches, routers, 
servers, and workstations. Record, interpret, and analyze the life of a packet. Get meaning out 
of frames. Interpret lots of detail on applications such as Domain Name System (DNS), Dynamic 
Host Configuration Protocol (DHCP), FTP, and TFTP. Products include Network Associates Sniffer, 
WildPackets' EtherPeek, Network Monitor from Microsoft, and so on.


NOTE 


If you want to compare various protocol analyzer products, check out the interesting 
article that appeared in the May 21, 2001, edition of PC Magazine (www.pcmag.com). 
Packet Magazine (www.cisco.com/go/packet) has many related articles as well. Look 
for "Tricks of the Trade," for instance. 


Many times a protocol analyzer is more advantageous than the innate IOS tools such as debug
and log because it is run from a workstation and is less disruptive to the device being monitored.
Throughout the scenarios and Trouble Tickets in this book, I use Sniffer Pro to demonstrate
concepts; however, you can use any protocol analyzer. Some of these products even have a 
demo version that enables you to try before you buy; others, such as Ethereal 
(www.ethereal.com), are free. 


This book is not intended to teach you about the Sniffer Pro product. Sniffer Pro is just another 
tool that enables you to record, display, and analyze various network architectures. Start by 
getting familiar with the Sniffer Pro interface in Figure 2-13. I am running version 4.5 on a
Windows 2000 desktop for my tests. 


Figure 2-13. Sniffer Pro Interface


NOTE


Obtain an evaluation or licensed copy of the protocol analyzer of your choice to work
through the rest of the Trouble Tickets throughout this book. A good starting point for
more information on protocol analysis is www.nai.com for Sniffer,
www.wildpackets.com, www.microsoft.com, or www.ethereal.com. Register on
www.sniffer.com to get your free protocol poster, and check out some of the other
references and tools at WildPackets and Ethereal.


Sniffer Scenario 


Take time to get familiar with the basic interface of whichever protocol analyzer you choose to 
use. If that product is Sniffer/Sniffer Pro, you can choose the Help > Help Topics > Overview 
> How To selections to get yourself started. Although you should take your own self-guided 
tour, I very briefly describe the windows and how to use the tool so that you can take advantage
of it in the Trouble Tickets and in real-world situations. Follow along if you can use Sniffer on 
your PC or just review the screen shots provided here. 


Figure 2-14 displays the physical connectivity for this practical exercise. Use a crossover cable to
connect one PC directly to the other PC. Do not use a switch (but a hub is fine) to connect the
devices; you will work with switches in the chapters to come.


Figure 2-14. Sniffer Scenario 


[Figure: hosta (Win2K, 192.168.1.11 255.255.255.0, "Sniffer PC") connected by a crossover cable to hostb (Win98, 192.168.1.12 255.255.255.0)]


Assign one PC 192.168.1.11 255.255.255.0 and the other one 192.168.1.12 255.255.255.0. 
Assuming you are using Windows-based PCs, just right-click Network Neighborhood or My
Network Places. Alternatively, choose Start > Settings > Control Panel > Network to
select your LAN connection. For this scenario, I am using a Windows 2000 Pro notebook for
hosta and a Windows 98 notebook for hostb with a crossover cable between them. I assume
Windows 95 or higher will work, but in fact the operating system version is not critical for
anything you are doing throughout the hands-on exercises. See Figure 2-14 and the address
information provided to configure the appropriate IP parameters in the LAN Properties, TCP/IP
sheet for both PCs. Name the PCs hosta and hostb. 


Use the ipconfig/winipcfg desktop tools to verify your configuration, as in Example 2-36. In 
addition, ping the other PC to verify connectivity. 


Example 2-36. ipconfig on the Desktop 


Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>ipconfig

Windows 2000 IP Configuration

Ethernet adapter {F6BB63C3-5752-480C-96DB-206E49F87839}:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 192.168.1.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

C:\>ping 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:

Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128

Ping Statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>


Now that you have tested basic configuration and connectivity, turn on Microsoft Networking. 
Instead of using a third-party program, turn on File and Print Services on hostb by going to the 
Network Property sheet; thus you can have hostb act as a server. Later you will verify the upper 
layers using Sniffer. For now, use Sniffer Pro to analyze and extrapolate critical information from 
your packets. 


NOTE 


Be patient while the program starts, especially if you are running it on a minimum-memory
laptop.


Using Sniffer Pro 


Dashboard provides information about packets, utilization, and errors through dials and graphs 
(see Figure 2-15). It is analogous to the tachometer approach on the dash of your car. Take
some time to experiment with the product, but believe me, packet analysis is addicting. For now,
look at the menus, toolbars, and help system, including the Overview, Basic Capabilities of 
Sniffer Pro, and How To sections. 


Figure 2-15. Sniffer Dashboard


I want you to start right away and capture packets. My capture station is my Windows 2000 PC
with an address of 192.168.1.11. You can use the Capture menu to start capturing packets, but I
often prefer the toolbar. In Figure 2-15, I clicked the triangle-shaped toolbar button that
resembles the button on a CD player. 


The icons on the left enable you to view different categories of information loosely based on the 
OSI layers. The Diagnosis tab displays problems that Sniffer has determined to require your 
immediate attention, whereas the Symptoms tab specifies potential problems. The Objects tab 
identifies all the features and network items that Sniffer identified over the entire capture 
process. 


Figure 2-16 shows Sniffer capturing packets, but there is not much activity until you actually do 
something. Notice the number of packets in the lower-right corner of the expert window and how 
it increases as you produce traffic. A simple ping from hosta to hostb (192.168.1.12) is enough 
to change that. Use the IP address for the first ping to eliminate any name resolution for now. 
Ping again using the host name (hostb), and then stop the Sniffer capture using the toolbar or 
Capture menu. Example 2-37 shows my command-prompt ping output. 


Example 2-37. Command-Prompt Ping Output


C:\>ping 192.168.1.12

Pinging 192.168.1.12 with 32 bytes of data:

Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128

Ping Statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping hostb

Pinging hostb [192.168.1.12] with 32 bytes of data:

Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128

Ping Statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>


Figure 2-16. Initial Ping Capture


Stop the capture and then view, or do that in one step with the binocular icon. I did the latter in
Figure 2-17. Although the current emphasis is on the Decode tab, feel free to take time to
explore the other tabs. Click the Decode tab at the bottom and maximize the screen (like I have
done in Figure 2-17). Use the File menu to save the capture for later use. Name it ping pong.


Figure 2-17. Ping Pong


Notice the three-window display in Figure 2-17 or on your screen. The top pane is a summary
pane in which each line is a frame. The middle pane is the detail pane, which is a decode of the 
frame you are sitting on in the summary pane. The bottom window is the hex pane. 


I am sitting on frame 3, which is an Echo Request packet. Earlier my debug output illustrated
echo packet types. Here the Sniffer gives you that in the ICMP header in the middle pane. Your 
goal is to not get wrapped up in the specifics of a protocol analyzer, but to learn the basics and 
use it as a troubleshooting tool. Speaking of basics, everything goes back to the not so 
theoretical OSI model or TCP/IP suite of protocols discussed in Chapter 1. 


The discussion now turns to the ping activity and the layers involved. Frames 1 and 2 are ARP 
frames. Because hosta was pinging hostb on the same local segment, ARP broadcasted to find 
the MAC address for the 192.168.1.12 address in my ping. Take a look at Figure 2-18, where I
am sitting on Frame 1, and observe the output in the middle pane. The decode shows the MAC
for hosta and the local broadcast for the MAC for hostb. Frame 2 in Figure 2-19 is the local
unicast reply from hostb saying, "Hey, that's me, and my MAC is xx-xx-xx-xx-xx."


Figure 2-18. Frame 1 ARP Request


Figure 2-19. Frame 2 ARP Reply


Frames 3, 5, 7, and 9 are Echo Requests, and the associated even-numbered frames are the Echo Replies.
Remember from Chapter 1 that ICMP is a helper protocol for IP that is responsible for status and
error reporting. Here it is in action. You can observe this behavior back in Figure 2-17 as well as
see the MAC address in hex because I actually clicked the MAC in the middle pane.


Frames 11 and 12 deal with name resolution and correlate to me typing ping hostb. Figure 2-20
illustrates the layers involved with name resolution. By the way, I used the mouse to adjust
my window sizes so that I could see more of the decode for this example. For instance, the
logical link control (LLC) at Layer 2 uses the EtherType of 0800 to hand off to IP Layer 3. IP uses
protocol 17 to hand off to UDP (Layer 4). UDP uses destination port 137 to hand off to NetBIOS
name services (upper layers) for name resolution.


Figure 2-20. Frame 11 Name Resolution


Next move down to Frames 13 through 20 and perform a similar analysis. Earlier I said that ping
tests through Layer 3 and uses IP, which has ICMP for a helper. Figure 2-21 clearly
demonstrates this fact. Take a look for yourself. If you are not comfortable with this layer-by- 
layer approach, don't worry; you will continue to review the details in the associated chapters to 
follow. Understanding the layers just happens to be a required skill for a successful support 
person. 
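

The layer-by-layer handoffs described above (EtherType 0806 for the ARP frames, EtherType 0800 to IP, protocol 1 to ICMP, protocol 17 to UDP, destination port 137 to NetBIOS name services) can be followed in a small decoder. This is an added example, not code from the book or from Sniffer Pro; the three frames are constructed, hostb's MAC is a placeholder, and the broadcast destination and name service header values are assumptions.

```python
import socket
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
ICMP_TYPES = {0: "Echo Reply", 8: "Echo Request"}
ARP_OPS = {1: "Request", 2: "Reply"}

def mac(raw):
    return "-".join(f"{b:02x}" for b in raw)

def nb_encode(name, suffix=0x00):
    """First-level NetBIOS name encoding: 15 padded chars + suffix, one letter per nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    return bytes([len(enc)]) + enc + b"\x00"

def nb_decode(label):
    """Undo nb_encode for one 32-byte label; returns (name, suffix byte)."""
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def decode_arp(p):
    if len(p) < 28:
        return ["ARP: truncated"]
    oper, = struct.unpack("!H", p[6:8])
    sha, spa, tpa = mac(p[8:14]), socket.inet_ntoa(p[14:18]), socket.inet_ntoa(p[24:28])
    return [f"ARP: {ARP_OPS.get(oper, oper)} sender {spa} is {sha}, target {tpa}"]

def decode_udp(p):
    if len(p) < 8:
        return ["UDP: truncated"]
    sport, dport = struct.unpack("!HH", p[:4])
    out = [f"UDP: src port {sport} -> dst port {dport}"]
    q = p[8 + 12:]  # skip the UDP header and the 12-byte name service header
    # Only decode a well-formed question: length byte 32 and letters 'A'..'P'.
    if dport == 137 and len(q) >= 34 and q[0] == 32 and all(0x41 <= c <= 0x50 for c in q[1:33]):
        name, suffix = nb_decode(q[1:33])
        out.append(f"NetBIOS-NS: query for {name}<{suffix:02x}>")
    return out

def decode_ip(p):
    if len(p) < 20 or p[0] >> 4 != 4 or (p[0] & 0x0F) < 5:
        return ["IP: truncated or not IPv4"]
    ihl, proto = (p[0] & 0x0F) * 4, p[9]
    src, dst = socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20])
    out = [f"IP: {src} -> {dst} TTL={p[8]} protocol={proto} ({IP_PROTOCOLS.get(proto, '?')})"]
    body = p[ihl:]
    if proto == 1 and len(body) >= 8:
        out.append(f"ICMP: type {body[0]} ({ICMP_TYPES.get(body[0], '?')}), {len(body) - 8} data bytes")
    elif proto == 17:
        out += decode_udp(body)
    return out

def decode(frame):
    """Layer-by-layer summary of one Ethernet II frame, lowest layer first."""
    if len(frame) < 14:
        return ["DLC: truncated"]
    etype, = struct.unpack("!H", frame[12:14])
    out = [f"DLC: {mac(frame[6:12])} -> {mac(frame[:6])} "
           f"EtherType={etype:04x} ({ETHERTYPES.get(etype, '?')})"]
    if etype == 0x0806:
        out += decode_arp(frame[14:])
    elif etype == 0x0800:
        out += decode_ip(frame[14:])
    return out

# --- Constructed sample frames (not taken from the book's capture) ---
HOSTA, HOSTB = "192.168.1.11", "192.168.1.12"
HOSTA_MAC = bytes.fromhex("00104ba5ae50")  # hosta's adapter as printed in Example 2-42
HOSTB_MAC = bytes.fromhex("020000000012")  # placeholder MAC for hostb (assumption)
BCAST_MAC = b"\xff" * 6

def ipv4(proto, src, dst, payload):
    # Checksums are left at zero in these frames; the decoder does not verify them.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 128, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

ARP_REQUEST = BCAST_MAC + HOSTA_MAC + b"\x08\x06" + struct.pack(
    "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, HOSTA_MAC, socket.inet_aton(HOSTA),
    b"\x00" * 6, socket.inet_aton(HOSTB))
ECHO_REQUEST = HOSTB_MAC + HOSTA_MAC + b"\x08\x00" + ipv4(
    1, HOSTA, HOSTB,
    struct.pack("!BBHHH", 8, 0, 0, 0x0200, 0x0100) + b"abcdefghijklmnopqrstuvwabcdefghi")
NAME_QUERY = BCAST_MAC + HOSTA_MAC + b"\x08\x00" + ipv4(
    17, HOSTA, "192.168.1.255", struct.pack("!HHHH", 137, 137, 8 + 12 + 38, 0)
    + struct.pack("!HHHHHH", 1, 0x0110, 1, 0, 0, 0) + nb_encode("hostb") + b"\x00\x20\x00\x01")

if __name__ == "__main__":
    for label, frame in (("ARP", ARP_REQUEST), ("ping", ECHO_REQUEST), ("name query", NAME_QUERY)):
        print(f"[{label}]")
        print("\n".join("  " + line for line in decode(frame)))
```

Each output line corresponds to one header in the analyzer's detail pane, so the same field that selects the next decoder here is the field to look at when a frame is handed to the wrong upper layer.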


Figure 2-21. Frames 13-20 Ping Analysis


Protocol analyzers perform some amazing functions. Not only can they capture network traffic, 
they also can find top bandwidth users, create traffic maps, identify and rank protocols in use, 
retransmit network traffic, and much more. 


NOTE 


Again, your goal here is to use a protocol analyzer as a troubleshooting tool, not to 
learn the details of the product. You will capture and decode various traffic patterns 
throughout many of the Trouble Tickets in this book to analyze packets in detail. 


The last section of this chapter deals with desktop tools, many of which you have already used. 


Desktop Tools 


Internetworks have become complex for many reasons, including LAN/WAN architecture, media, 
technologies, and protocols. The progression from host-centric environments to distributed client- 
server platforms still very much requires a hierarchical network to aid in troubleshooting. So far, I
have reviewed various internetworking tools. However, it is impossible to be an expert in
everything. If you are a WAN guru, you may lack technical expertise at the desktop. If you are a
LAN guru, you may lack technical expertise at the internetwork level. Obviously, because of the 
added complexities in current LANs and WANs, you need some basic tools to assist. 


Refer to the desktop support resources in Table 2-10 and throughout this section to assist with
end-to-end troubleshooting. Desktop tools, such as ping and trace, looking at the routing table, logging
and monitoring functions, and more are available for your use. Many come with the operating
system, and others are supplied by third-party vendors. Use /? for command-line help to see the
specific options.


Table 2-10. Desktop Support Resources 


Desktop Tool        Options and Functions

ping                ping
                    ping -t  Continuous ping.
                    ping -n  Number of echos.

tracert             tracert  Hop-by-hop test.
                    tracert -d  Test without DNS lookup.
                    tracert -h  Maximum number of hops to search for target.

pathping            pathping -n  Test without DNS lookup.
                    pathping -h  Maximum number of hops to search for target.
                    pathping combines ping and tracert to trace a route and show packet
                    losses for each router in the path (also good for quality of service, QoS).

arp                 arp -a  To view ARP cache.

route               route print  To view routing table.

netstat             Displays local NetBIOS name table and cache. Displays active TCP and UDP
                    connections and their state.

nbtstat             NetBIOS over TCP statistics. Displays protocol statistics and current TCP
                    connections for NetBIOS over TCP/IP.
                    nbtstat -RR to force reinsertion and update of local NetBIOS names.

nslookup            Query DNS servers to check records, services, and operating system
                    information.

ipconfig/winipcfg   ipconfig
                    ipconfig /all displays more parameters, such as MAC, IP, subnet mask,
                    gateway, WINS, and DNS.
                    ipconfig /release
                    ipconfig /renew


Try these tools for yourself. For example, ping your favorite website and then trace to it as I do in
Figure 2-22 and Figure 2-23.


Figure 2-22. Ping Cisco Press


Figure 2-23. Tracert Cisco Press


Now turn your attention back to hosta and hostb from the Sniffer capture. First ping from hosta to
hostb, tracert, and then look at the ARP cache in Example 2-38.


Example 2-38. ARP Cache on hosta


C:\>ping hostb

Pinging hostb [192.168.1.12] with 32 bytes of data:

Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128
Reply from 192.168.1.12: bytes=32 time<10ms TTL=128

Ping statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>tracert hostb

Tracing route to hostb [192.168.1.12]
over a maximum of 30 hops:

  1   <10 ms   <10 ms   <10 ms  HOSTB [192.168.1.12]

Trace complete.

C:\>arp -a

Interface: 192.168.1.11 on Interface 0x1000005
  Internet Address      Physical Address      Type
  192.168.1.12          00-80-c7-aa-ce-o7     dynamic

C:\>


The preceding example displays the IP and MAC address for destination hostb in the ARP table, but
the entry will stay there for only two minutes unless you use the entry again. Then its life is 
extended to 10 minutes, total, no matter how many times it is accessed. Next look at the active 
routes in the routing table on hosta in Example 2-39. 


Example 2-39. route print on hosta


C:\>route print

Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...44 45 53 54 42 00 ...... NOC Extranet Access Adapter
0x4000004 ...00 10 4b a5 ae 50 ...... FE575 Ethernet Adapter

Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        192.168.1.0    255.255.255.0     192.168.1.11     192.168.1.11       1
       192.168.1.11  255.255.255.255        127.0.0.1        127.0.0.1       1
      192.168.1.255  255.255.255.255     192.168.1.11     192.168.1.11       1
          224.0.0.0        224.0.0.0     192.168.1.11     192.168.1.11       1
    255.255.255.255  255.255.255.255     192.168.1.11                2       1

Persistent Routes:
  None

C:\>


Example 2-40 and Example 2-41 display netstat and nbtstat options. Pick an option and try it out
from the command prompt to see the exact display.


Example 2-40. netstat Options


C:\>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be TCP or UDP. If used with the -s option to display
                per-protocol statistics, proto may be TCP, UDP, or IP.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for TCP, UDP and IP; the -p option may be used to specify
                a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.

C:\>


Example 2-41. nbtstat Options


C:\>nbtstat /?

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name
  -A   (Adapter status) Lists the remote machine's name table given its
                        IP address.
  -c   (cache)          Lists NBT's cache of remote [machine] names and their IP
                        addresses
  -n   (names)          Lists local NetBIOS names.
  -r   (resolved)       Lists names resolved by broadcast and via WINS
  -R   (Reload)         Purges and reloads the remote cache name table
  -S   (Sessions)       Lists sessions table with the destination IP addresses
  -s   (sessions)       Lists sessions table converting destination IP
                        addresses to computer NETBIOS names.
  -RR  (ReleaseRefresh) Sends Name Release packets to WINs and then, starts Refresh

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying
               statistics.


Example 2-42 illustrates ipconfig with the optional /all parameter, which provides more detail
(such as the MAC address and name resolution parameters).


Example 2-42. ipconfig /all


C:\>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : hosta
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter {F6BB63C3-5752-480C-96DB-206E49F87839}:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NOC Extranet Access Adapter
        Physical Address. . . . . . . . . : 44-45-53-54-42-00
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com Megahertz 10/100 LAN CardBus
                                            PC Card
        Physical Address. . . . . . . . . : 00-10-4B-A5-AE-50
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration IP Address. . . : 192.168.1.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

C:\>


You will continue to use many of these tools in the Trouble Tickets to come. Depending on the 
operating system, other administrative and troubleshooting tools are available, including
system configuration utilities, startup menus for safe modes, help troubleshooters, Device
Manager, Perfmon, Event Viewer, and Task Manager.


Many third-party tools are worthy of exploring, too. Consider taking a look at TTCP, VMWare, 
NetOps, and VNC. Microsoft TechNet and Novell Users International (NUI) Technical Resource CD 
are similar resources to the CCO (but focusing on their proprietary products rather than Cisco 
products). Explore these tools on your own; some of them are very addicting. 


NOTE 


If you need more help troubleshooting in this area, I highly recommend CompTIA A+ and
Network+ programs or specific operating system resources for more detail. Check out 
www.comptia.org and individual vendor websites. 


After all this information and examination of tools and resources, don't forget the Physical Layer. 
LEDs are quite helpful in troubleshooting and on a practical note should be your first observation if 
you have physical access. Try test led sometime on a router to make sure that you are actually 
connected to the box you think you are. Look at the link lights on your NICs and devices. Use 
multiple tools to administer and manage your internetwork. Pictures and maps are great, but if you 
can't afford a fancy network management program, do what you can with the IOS and operating
system tools and explore other third-party tools. 


Use all of these tools in conjunction with sound troubleshooting techniques. Use CDP, draw your 
own map, know what is normal, know what your configurations look like, annotate them with 
descriptions and remarks, verify connectivity with ping and trace, log changes, and only use debug 
to the point that it won't stress out your router. Sometimes a protocol analyzer gives you more 
detail and is less intrusive on your devices. By now you should be well on your way to a full tool 
bag that will enable you to work through the more practical portions of the remainder of this book. 


NOTE 


I used to deliver TCP/IP and CCNP classes for Chesapeake/Mentor Technologies. Recently
it was brought to my attention that the old www.ccci.com site is up and running with
references to some great tools and resources.


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1: CDP sends and receives neighbor advertisements over multicast address 01-00-0c-cc-cc-cc
and uses a proprietary HDLC type value. CDP must run on media that supports what?


2: To match up the following buffer pools with the appropriate sizes (Small, middle, big,
very big, large, and huge), what IOS command would you use?

A. 104 bytes
B. 600 bytes
C. 1524 bytes
D. 4520 bytes
E. 5024 bytes
F. 18024 bytes


3: Which support tool can monitor up to all seven layers and is the least stressful on the
router?

A. Network monitor
B. Protocol analyzer
C. debug
D. ping


4: List the five categories of network management and give a Cisco example of an NMS.


5: What NMS feature of Cisco's product is a replacement for CWSI? List at least four
other features that this product is responsible for.


6: What type of support tool records, displays, and analyzes how a protocol operates
and gives a layer-by-layer decode? Give an example.


7: Cable testers (scanners) can be used to test physical connectivity. Many cable testers
include TDR functionality. What type of device is used to test signal loss with fiber
cable?


8: What support tool is useful for baselining and continuously tracks packets but doesn't
decode them?


9: List at least two proactive and two reactive CCO tools.


10: Use the numbers 1-4 to match the priority levels with the following severity level.

- Information needed on product
- Production network severely degraded
- Network performance degraded
- Production network down


11: Escalation to Cisco support requires certain tasks. The show tech-support
command is helpful. You need your equipment and service contract information, and
you should open a case with specific priority level and case number. What CCO tool
enables you to open, query, and update a case with TAC?


12: The Cisco Dynamic Configuration tool enables you to look up the specifics of a
WSC1924A you bought off of eBay. You should quickly find that it is a 24-port, 10-MB
switch with two 100BASE-TX ports and it is upgradeable to the Enterprise
Edition. Under which category would you find this on the website?


Summary 


As internetworks grow larger and more complex, a much greater potential exists for problems to 
disable portions or the entire network. You may also face issues that degrade performance to 
unacceptable levels. This complexity of additional users, resources, protocols, interfaces, and 
vendors requires you to have a full tool bag to troubleshoot problems. Scalable networks are not 
one-size-fits-all. Hardware, software, and the web are constantly changing. The resources innate 
to the Cisco IOS and various third-party tools covered in this chapter should help you deal with
this. These first two chapters are designed to provide you with a foundation for the practical 
exercises in the remainder of the book. The next two chapters examine IP and IPX in more 
detail. After that, the focus turns to Layer 2 LAN and WAN technologies to help you continue to 
build your practical troubleshooting skills. 


Part II: Supporting IP and IPX


Chapter 3 Shooting Trouble with IP
Chapter 4 Shooting Trouble with Novell IPX


Chapter 3. Shooting Trouble with IP 


This chapter focuses on a number of objectives falling under the CCNP Troubleshooting 
guidelines. Understanding basic TCP/IP troubleshooting principles not only applies to the CCNP 
certification but to all industry certifications. A solid understanding of how IP works is essential 
for troubleshooting any small, medium, or large network. 


This chapter and the remaining chapters assume knowledge of the previous chapters, which deal 
conceptually with protocol characteristics, models, troubleshooting methods, support tools, and 
resources. Each chapter starts by introducing a hands-on chapter scenario. To gain practical 
experience, build the network in the scenario if at all possible and follow along. If that isn't 
possible, the content and explanations are detailed enough for you to learn from without needing 
the equipment in front of you. Several integrated walk-through scenarios and Trouble Tickets 
enable you to benefit from the added learning advantages offered by practical application. After 
the Shooting Trouble with IP scenario, I explore TCP/IP concepts, symptoms, problems, and
action plans. 


This chapter covers the following topics: 


• Scenario: Shooting Trouble with IP
• Protocols and Packets
• Addressing
• Routing Protocols
• Trouble Tickets
• Trouble Tickets Solutions


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table I-1 in the Introduction.


Scenario: Shooting Trouble with IP 


It is now time to get started with the practical Shooting Trouble with IP scenario. First, add the 
additional equipment, perform a write erase or erase startup-config to clear your 
configurations from previous labs, and rewire according to Figure 3-1. 


Figure 3-1. Shooting Trouble with IP 
NOTE


My lab uses the 2514, 2501, 3640, 3620, and 2516 Cisco routers, but yours can 
include any number of devices that have similar interfaces. See Appendix C, 
"Equipment Reference," for the hardware used throughout the book. 


The scenario goal is to put in the basic configurations, and then add Routing Information
Protocol (RIP) as the routing protocol to work toward end-to-end connectivity between the hosts.
Where appropriate, use best practices such as descriptions on interfaces, hosts tables, and so
on. Configure r1 and work your way through r5. As always, test and document along the way
and when you finish configuring.


Remember, however, that there is not always one right or wrong way to accomplish the tasks
presented. The ability to obtain the end result using good practices is extremely important in any
real-world network. My troubleshooting and device configurations start in Example 3-1; you can
compare your work to that and perhaps see a different approach to obtaining the end result.
Figure 3-2 shows a picture of my lab before wiring, and Figure 3-3 shows the after-wiring
picture. I have physically labeled each of my devices so that I don't have to think about that
later. Refer back to Figure 3-1 as you continue to set up and troubleshoot.


Figure 3-2. Scenario Lab Photo Before Wiring 
Figure 3-3. Scenario Lab Photo After Wiring


The terminal server at the top of the equipment stack in Figure 3-2 is not a required piece of
equipment for the lab, but more a convenience. I am using a Cisco 2511 with the first five
terminal leads connected to each of the console ports on my five routers. See Appendix C for
more information on how to configure a terminal server and use one for your lab. My 2511
configuration is in Example 3-1 with the significant output shaded.


Example 3-1. Terminal Server Configuration (2511) 


ts#show running-config

hostname ts

enable password donna
ip subnet-zero

ip host r1 2001 1.1.1.1
ip host r2 2002 1.1.1.1
ip host r3 2003 1.1.1.1
ip host r4 2004 1.1.1.1
ip host r5 2005 1.1.1.1

interface Loopback0
 ip address 1.1.1.1 255.0.0.0
 no ip directed-broadcast

line con 0
 transport input none
line 1 16
 transport input all
 no exec
line aux 0
line vty 0 4
 exec-timeout 30 0
 password donna
 logging synchronous
 login

end


Although I give you Figures 3-1 through 3-3, it is really a better practice to draw your own
network diagram. Some people prefer columns and rows of this type of data, but I prefer colorful
diagrams to assist with troubleshooting later. For example, you might draw your devices and
media with a blue pen, label the IP parameters with a black pen, label IPX parameters with a red
pen, draw a green circle around the Open Shortest Path First (OSPF) areas, and so on. Label
which interfaces are DCE or DTE for your lab. Document device names, locations, Layer 2 and
Layer 3 addresses, routed and bridged protocols, routing protocols, access control lists (ACLs),
configuration files, and verify full connectivity. Perform some simple ping and trace tests (see
Table 3-1), run show tech-support, and document some more. All of this gives you a starting
point for normal baseline activity when your network is running well. Keep in mind that I want
you to concentrate only on IP-related baselining for this chapter.


NOTE 


You will adjust your hands-on lab for new equipment, software, protocols, media,
services, problems, and so on as you progress through various Trouble Tickets and
chapters. Feel free to substitute whatever equipment you have for the hosts, routers,
and switches in Figure 3-1. All 2600s and 3600s, or better yet all 6500s, would be nice,
but that isn't what I have either.


Table 3-1 gives you a layered yet divide-and-conquer approach to quickly spotting IP issues. It
would be wonderful if I could tell you to just start at the first item in the table and work your
way through, but you need to think methodically (as Chapter 1, "Shooting Trouble," suggested).
It is helpful to divide and conquer along the way in practical application to quickly narrow down
the real problem. If you can't communicate with your gateway, for instance, it is a little difficult
to communicate with a remote host. If you can't communicate with yourself, it is impossible to
communicate with a local host.


Table 3-1. IP Troubleshooting Checklist


Isolating Problems
    Commands and Symptoms


Check MAC address, IP address, subnet mask, default gateway, and other static or DHCP[*]
parameters.
    Windows NT/2000: ipconfig /all
    Windows 95/98: winipcfg
    UNIX: ifconfig

Ping your loopback from your workstation to see whether the TCP/IP stack is loaded.
    ping 127.0.0.1

Ping yourself from your workstation to verify your NIC[*].
    ping 192.168.1.11

Ping a local host from your workstation to verify local communications.
    ping 192.168.1.12

Ping your default gateway from your workstation to verify you can communicate with your
local router interface.
    ping 192.168.1.1

Are you getting ARPs[*] from the gateway? If so, the gateway's MAC address should be in the
workstation ARP table.
    arp -a

Ping a remote host and another if it fails from your workstation.
    ping 192.168.3.5

Perform a trace to the remote host to find hop-by-hop router issues.
    Windows: tracert [-d]
    UNIX/Cisco: traceroute

Is it a host problem or a router problem?
    show ip interface brief
    show run interface e0
    show ip interface e0
    show interfaces e0
    show ip route
    show ip protocols
    show ip arp
    show ip cache
    show ip access-list

Combine ping and trace to look for packet loss in the path.
    pathping 192.168.3.5

Use an application to test the upper layers.
NetBIOS issues
    Start => Run \\192.168.3.5
    Find computer
    nbtstat -A IP_address
Sockets issues
    ping 192.168.3.1
    telnet 192.168.3.1
    ftp 192.168.3.1
    tftp 192.168.3.1

Eliminate any name resolution issues by not using hostnames or NetBIOS names at first.
When other things are working, fix any name resolution issues. Ensure name resolution files
are in their required locations and have the appropriate names. Troubleshoot files,
DNS[*]/WINS[*] servers, and the network issues to and from these devices.
    Name resolution
        DNS, hosts file, NIS tables
        WINS, lmhosts file (NetBIOS)
        nbtstat -c (view cache)
        nbtstat -R (reload cache)
    Microsoft Browser services (NetBIOS issues)
        Start, Run \\computername
        Find computer or net view
        nbtstat -A IP_address
    Sockets issues
        ping hostc
        telnet hostc


[*] DHCP = Dynamic Host Configuration Protocol

[*] NICs = Network interface card

[*] ARPs = Address Resolution Protocol

[*] DNS = Domain Name Service

[*] WINS = Windows Internet Naming Service


NOTE 

Although the commands I use in this book are in their complete form, using truncated
commands is virtually a mandatory practice in the real world. More importantly,
however, you should know the submode from which the command can be issued. At
times I tend to issue global configuration commands in interface submode. This works
just fine assuming that you don't need help in the midst of the command. If you are
unsure, however, type the command from the appropriate submode and make use of
the Tab key and ? for help.


Using the scenario diagram in Figure 3-1, configure r1 similar to what is in Example 3-2. My r1
is a Cisco 2514, but you can use any Cisco router that has two Ethernet interfaces and two serial
interfaces for the lab. My passwords are all donna because that is easy to remember for the labs,
but that is exactly why they should not all be donna for practical application. Throughout the
following examples, I have made a few careless mistakes that you may or may not make. I will
troubleshoot them when all my routers are configured per the scenario diagram.


Example 3-2. r1 Configuration (2514) 


Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname r1
r1(config)#enable password donna
r1(config)#line vty 0 4
r1(config-line)#login
r1(config-line)#password donna
r1(config-line)#exit
r1(config)#interface ethernet 0
r1(config-if)#description e0 to hosta and hostb
r1(config-if)#ip address 192.168.1.1 255.255.255.0
r1(config-if)#no shut
00:10:12: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:10:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0,
changed state to up
r1(config)#interface ethernet 1
r1(config-if)#description e1 to r2e0
r1(config-if)#ip address 192.168.4.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#interface serial 0
r1(config-if)#description s0 to r5s0
r1(config-if)#ip address 10.1.1.1 255.255.255.0
r1(config-if)#bandwidth 64
r1(config-if)#no shut
00:13:11: %LINK-3-UPDOWN: Interface Serial0, changed state to down
r1(config-if)#ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
r1(config)#ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
r1(config)#$192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
r1(config)#ip host r4 10.2.2.2
r1(config)#ip host r5 10.1.1.2
r1(config)#router rip
r1(config-router)#network 192.168.1.0
r1(config-router)#network 192.168.2.0
r1(config-router)#network 192.168.4.0
r1(config-router)#network 10.1.1.0
r1(config-router)#end
r1#copy running-config startup-config


NOTE 


For the first router configuration, I illustrate the enable command to take you into
enable mode Router# and the configure terminal command to take you to the
global configuration mode Router(config)#, where the Cisco output reminds you that
you can press Ctrl+Z to return to enable mode from any prompt. Alternatively, you can
type end to return to the privileged prompt (enable mode) or exit to back up one level
at a time. I will assume from this point on that you are very comfortable with entering
and exiting these modes and therefore I will eliminate the initial enable and
configure terminal commands from my examples.


NOTE 


Remember that the dollar sign ($) at the beginning of a line of user input is the Cisco
IOS indication that the text was too much for the width of the terminal screen. You can
always press Ctrl+A to get to the beginning or Ctrl+E to get to the end of a line.


Now move on to configuring r2 as in Example 3-3. My r2 is a Cisco 2501, but you can use any
Cisco router that has at least one Ethernet interface and two serial interfaces for the lab. I copied
the hosts table lines from r1 and pasted them into this configuration. In future examples, I plan
to just paste the configuration for the hosts table and passwords to save a little typing.


Example 3-3. r2 Configuration (2501) 


Router(config)#hostname r2
r2(config)#enable password donna
r2(config)#line vty 0 4
r2(config-line)#login
r2(config-line)#password donna
r2(config-line)#exit
r2(config)#interface ethernet 0
r2(config-if)#description e0 to r1e1
r2(config-if)#ip address 192.168.4.2 255.255.255.0
r2(config-if)#no shut
r2(config-if)#int
00:41:44: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:41:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0,
changed state to ups0
r2(config-if)#description s0 to r3s0/1
r2(config-if)#bandwidth 64
r2(config-if)#ip address 192.168.6.1 255.255.255.0
r2(config-if)#no shut
00:42:22: %LINK-3-UPDOWN: Interface Serial0, changed state to down
r2(config-if)#interface serial 1
r2(config-if)#description s1 to r3s0/2
r2(config-if)#bandwidth 64
r2(config-if)#ip address 192.168.5.1 255.255.255.0
r2(config-if)#router rip
r2(config-router)#network 192.168.4.0
r2(config-router)#network 192.168.5.0
r2(config-router)#network 192.168.6.0
r2(config-router)#exit
r2(config)#ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
r2(config)#ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
r2(config)#$192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
r2(config)#ip host r4 10.2.2.2
r2(config)#ip host r5 10.1.1.2
r2(config)#end
r2#copy running-config startup-config


NOTE


The shaded output may appear a little confusing in text and is quite annoying in
practice. Had I turned on logging synchronous, my input would not have been
interrupted. You should do this for your configurations.


Configure the rest of your routers now and check your work using the following examples. I
copied the text in Example 3-4 to Windows Notepad to easily paste it into r3, r4, and r5.


Example 3-4. Notepad File Including Passwords and Hosts Table 


enable password donna
ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
ip host r3 192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
ip host r4 10.2.2.2
ip host r5 10.1.1.2
line vty 0 4
login
password donna
line console 0
logging synchronous
exit
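

The text before Example 3-2 says that one shared password is fine for a lab but not for practical application. As an added example (not from the book), this Python check reads a configuration such as Example 3-4 and reports cleartext and reused passwords without echoing their values; the function names, finding labels, and the second sample are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the password-bearing lines of Example 3-4, as pasted into a router.
LAB_CONFIG = """\
enable password donna
ip host r4 10.2.2.2
line vty 0 4
login
password donna
line console 0
logging synchronous
exit
"""

# Constructed sample in "show running-config" layout. The hash and the type 7
# string are placeholders, not real credentials.
ENCODED_CONFIG = """\
enable secret 5 $1$PLACEHOLDER$notARealHashValue000000
line vty 0 4
 password 7 PLACEHOLDER07
 login
"""

# enable password|secret [level N] [type] value
ENABLE_RE = re.compile(
    r"^enable\s+(password|secret)\s+(?:level\s+\d+\s+)?(?:(\d)\s+)?(\S+)$")
# password [type] value, valid under a "line ..." header
LINE_PW_RE = re.compile(r"^password\s+(?:([07])\s+)?(\S+)$")


def parse_passwords(config_text):
    """Return one dict per password statement: where it sits, its type, its value."""
    entries = []
    context = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("!"):          # section separator in show run output
            context = "global"
            continue
        m = ENABLE_RE.match(line)
        if m:
            kind, enc, value = m.groups()
            entries.append({"where": "enable " + kind, "type": enc or "0", "value": value})
            continue
        if line.startswith("line "):      # line con 0, line vty 0 4, ...
            context = line
            continue
        if line in ("exit", "end") or line.split()[0] in ("interface", "router"):
            context = "global"
            continue
        m = LINE_PW_RE.match(line)
        if m and context.startswith("line "):
            enc, value = m.groups()
            entries.append({"where": context, "type": enc or "0", "value": value})
    return entries


def audit(config_text):
    """Return (finding, location) pairs; password values are never included."""
    entries = parse_passwords(config_text)
    findings = []
    for e in entries:
        if e["where"] == "enable secret":
            continue                      # stored as a hash, not audited here
        if e["type"] == "0":
            findings.append(("cleartext", e["where"]))
        elif e["type"] == "7":
            findings.append(("type7-reversible", e["where"]))
    has_password = any(e["where"] == "enable password" for e in entries)
    has_secret = any(e["where"] == "enable secret" for e in entries)
    if has_password and not has_secret:
        findings.append(("no-enable-secret", "enable password"))
    by_value = defaultdict(list)
    for e in entries:
        if e["type"] == "0" and e["where"] != "enable secret":
            by_value[e["value"]].append(e["where"])
    for places in by_value.values():
        if len(places) > 1:
            findings.append(("reused", ", ".join(places)))
    return findings


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("encoded", ENCODED_CONFIG)):
        for finding, where in audit(cfg):
            print(f"{name}: {finding:18} {where}")
```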


Example 3-5 and Example 3-6 start my r3 configuration. My r3 is a Cisco 3640, but you can use 
any Cisco router that has at least one Ethernet interface and four serial interfaces for the lab. 
Although the capabilities are not important in this chapter, having multiple serial interfaces on a 
router enables you to set up your own Frame Relay switch later in the book. Depending on the 
capabilities, the Fast Ethernet interface will give you an opportunity to experiment with duplex 
and speed concepts as well. 


Note in Example 3-5 that I attempted to configure the e0 interface when it was really fa2/0 that
I needed to configure. A physical inspection of the device confirmed that the Fast Ethernet port
was located in Slot 2; because you can't physically see my device, however, I proceeded with the
show interfaces command.


NOTE 


In practical troubleshooting, don't forget the little things. For example, the position of
the caret (^) is quite helpful in finding exactly where the syntax error exists within a
line.


Wherever you see ... I eliminated some of the output to shorten the length of the
configuration.


Example 3-5. r3 Configuration (3640) 


Router(config)#hostname r3
r3(config)#enable password donna
r3(config)#ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
r3(config)#ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
r3(config)#$192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
r3(config)#ip host r4 10.2.2.2
r3(config)#ip host r5 10.1.1.2
r3(config)#line vty 0 4
r3(config-line)#login
r3(config-line)#password donna
r3(config-line)#line console 0
r3(config-line)#logging synchronous
r3(config-line)#exit
r3(config)#int e0
% Invalid input detected at '^' marker.
r3(config)#end
r3#show interfaces
Serial0/0 is administratively down, line protocol is down
  Hardware is CD2430 in sync mode
FastEthernet2/0 is administratively down, line protocol is down
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
r3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
r3(config)#interface fastethernet 2/0
r3(config-if)#ip address 192.168.3.1 255.255.255.0
r3(config-router)#interface serial 0/0
r3(config-if)#desc r3s0/0 to r1s1
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.2.2 255.255.255.0
r3(config-if)#no shut
r3(config-if)#interface serial 0/1
r3(config-if)#description r3s0/1 to r2s0
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.6.2 255.255.255.0
r3(config-if)#no shut
r3(config-if)#interface serial 0/2
r3(config-if)#description r3s0/2 to r2s1
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.5.2 255.255.255.0
r3(config-if)#no shut


Finish configuring r3, r4, and r5 and test your configurations. 


Now that you have configured your lab, perform some basic lower-layer tests to verify your
drawing and your internetwork. Make sure all used interfaces are in a line protocol up state as in
Example 3-6; if they are not in a line protocol up state, fix any noticeable problems at this point.
Notice how show ip interface brief is a very appropriate command to quickly spot lower-level
issues.


Example 3-6. IP Interface Testing 


r1>show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              192.168.1.1     YES NVRAM  up                    up
Ethernet1              192.168.4.1     YES manual up                    up
Serial0                10.1.1.1        YES NVRAM  up                    up
Serial1                unassigned      YES unset  administratively down down

r2>show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              192.168.4.2     YES NVRAM  up                    up
Serial0                192.168.6.1     YES NVRAM  up                    up
Serial1                192.168.5.1     YES NVRAM  administratively down down

r3>show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial0/0              192.168.2.2     YES unset  down                  down
Serial0/1              192.168.6.2     YES unset  up                    up
Serial0/2              192.168.5.2     YES unset  down                  down
Serial0/3              unassigned      YES unset  administratively down down
FastEthernet2/0        192.168.3.1     YES manual up                    down

r4>show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  administratively down down
Serial0/0              10.2.2.2        YES manual down                  down
Serial0/1              unassigned      YES unset  administratively down down

r5>sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
BRI0                   unassigned      YES unset  administratively down down
BRI0:1                 unassigned      YES unset  administratively down down
BRI0:2                 unassigned      YES unset  administratively down down
Ethernet0              unassigned      YES unset  administratively down down
Serial0                10.1.1.2        YES manual up                    up
Serial1                unassigned      YES unset  administratively down down


NOTE


In the real world of supporting networks, I typically use the shortcut sh ip int brie to
quickly identify my interface status and addresses. I spell brief out to the cheese
(brie) just in case there are any ISDN Basic Rate Interfaces (BRI).


Think about these line and protocol issues. Target the lower layers to get all the required
interfaces to a status of up/up before you continue. Check your work using the following
examples.


First I spotted, for interface s1, the unassigned IP address and the administratively down status
on r1, which I correct in Example 3-7. Because my interface command was interrupted once
more, I must have forgotten logging synchronous on r1, so I added it and saved the
configuration.


Example 3-7. Correcting Interface Issues on r1


r1(config)#interface serial 1
r1(config-if)#description s1 to r3s0/0
r1(config-if)#bandwidth 64
r1(config-if)#ip address 192.168.2.1 255.255.255.0
r1(config-if)#no shut
05:16:39: %LINK-3-UPDOWN: Interface Serial1, changed state to up
05:16:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state
to up
r1(config-if)#end
r1#sh i
05:16:50: %SYS-5-CONFIG_I: Configured from console by consolep int brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              192.168.1.1     YES NVRAM  up                    up
Ethernet1              192.168.4.1     YES manual up                    up
Serial0                10.1.1.1        YES NVRAM  up                    up
Serial1                192.168.2.1     YES manual up                    up
r1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
r1(config)#line console 0
r1(config-line)#logging synchronous
r1(config-line)#end
r1#copy running-config startup-config


The r1s1 interface would have come up fine without the bandwidth statement, but it is optimal
for routing protocols to configure the correct bandwidth statement on your interfaces. The
description is optional as well, but it certainly makes troubleshooting easier when you know
exactly what is connected to an interface. Now move along to r2, which has issues with interface
s1 being administratively down. Fix these issues now and check your work in Example 3-8.


Example 3-8. Correcting Interface Issues on r2 


r2(config)#interface serial 1
r2(config-if)#no shut
05:20:08: %LINK-3-UPDOWN: Interface Serial1, changed state to up
05:20:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
r2(config-if)#end
r2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              192.168.4.2     YES NVRAM  up                    up
Serial0                192.168.6.1     YES NVRAM  up                    up
Serial1                192.168.5.1     YES NVRAM  up                    up
r2#copy running-config startup-config


r3 requires you to look at your drawing more closely so that you can concentrate on just the
interfaces being used. Configure any missing IP addresses and issue a no shut command on any
used interfaces that are showing as administratively down. Check the status of the interfaces in
Example 3-9.


Example 3-9. Correcting Interface Issues on r3 


r3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial0/0              192.168.2.2     YES manual up                    up
Serial0/1              192.168.6.2     YES manual up                    up
Serial0/2              192.168.5.2     YES manual up                    up
Serial0/3              unassigned      YES manual down                  down
FastEthernet2/0        192.168.3.1     YES manual up                    down


Example 3-9 indicates that a problem still exists with s0/3 and fa2/0. The other end (host) is not 
running for my Ethernet hostc connection, but you need to examine further the cause of the 
down/down status for s0/3. Think about what's in your tool bag from the preceding chapter to 
assist you further in spotting lower-layer problems. Check your thoughts against Example 3-10. 


Example 3-10. Correcting Physical Issues on r3 


r3#show controllers serial 0/3 
CD2430 Slot 0, Port 3, Controller 0, Channel 3, Revision 15 
Channel mode is synchronous serial 


idb 0x6129A1A0, buffer size 1524, V.35 DTE cable 


Everything looks normal on the r3 end of things from a physical point of view, so now investigate 
the other end of the connection as in Example 3-11. 


Example 3-11. Investigate r4 serial 0/0 Connection


r4#show controllers serial 0/0 
Interface Serial0/0 

Hardware is Quicc 68360 

No serial cable attached 


idb at 0x60AC9A40, driver data structure at 0x60ACEE10 


I have an advantage in that I can physically inspect my devices; I hope you can do the same if
you are following along in your own lab. If you look very closely in the picture of my equipment,
you may be able to detect the error, but I won't assume that for now. The show controllers
commands certainly display the problem here. Although I did not specifically illustrate the output
of show controllers s0/1, the output of s0/0 is quite helpful. I had the cable plugged into s0/1
rather than s0/0 on r4. On the 3640, s0/0 is closest to the power switch, which is typical. This
mistake affected the serial connection between r3 and r4. Example 3-12 shows the output of show
ip interface brief after the physical correction and assigning the appropriate address to s0/3.


Example 3-12. After the Physical Cable Swap from serial 0/1 to serial 0/0


r3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial0/0              192.168.2.2     YES manual up                    up
Serial0/1              192.168.6.2     YES manual up                    up
Serial0/2              192.168.5.2     YES manual up                    up
Serial0/3              10.2.2.1        YES manual up                    up
FastEthernet2/0        192.168.3.1     YES manual up                    down
r3#copy running-config startup-config
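

Examples 3-6 through 3-12 read the Status and Protocol columns of show ip interface brief to decide where to look next. As an added example (not from the book), this Python sketch applies the same reasoning to captured output and limits it to the interfaces on your drawing; the function names, finding codes, and hint wording are assumptions, and the sample rows are taken from the r1 output in Example 3-6 and the r3 output in Example 3-9.

```python
import re

# Rows for r1 as shown in Example 3-6.
R1_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              192.168.1.1     YES NVRAM  up                    up
Ethernet1              192.168.4.1     YES manual up                    up
Serial0                10.1.1.1        YES NVRAM  up                    up
Serial1                unassigned      YES unset  administratively down down
"""

# Rows for r3 as shown in Example 3-9.
R3_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Serial0/0              192.168.2.2     YES manual up                    up
Serial0/1              192.168.6.2     YES manual up                    up
Serial0/2              192.168.5.2     YES manual up                    up
Serial0/3              unassigned      YES manual down                  down
FastEthernet2/0        192.168.3.1     YES manual up                    down
"""

# One data row: name, address, OK?, method, status (may be two words), protocol.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<proto>up|down)$"
)

# Where the chapter looks next for each state (wording is this example's own).
HINTS = {
    "SHUTDOWN": "interface is shut down; issue no shut if it is on your drawing",
    "PHYSICAL": "down/down; check the cable and far end with show controllers",
    "LINE_PROTOCOL": "up/down; check the far-end device and the cable type",
    "NO_IP": "no IP address assigned",
}


def parse_brief(text):
    """Return one dict per interface row; the header and prompts do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage(text, in_use):
    """Return (interface, finding code) pairs for interfaces named in in_use."""
    findings = []
    for r in parse_brief(text):
        if r["name"] not in in_use:
            continue                      # concentrate on the interfaces being used
        state = (r["status"], r["proto"])
        if r["status"] == "administratively down":
            findings.append((r["name"], "SHUTDOWN"))
        elif state == ("down", "down"):
            findings.append((r["name"], "PHYSICAL"))
        elif state == ("up", "down"):
            findings.append((r["name"], "LINE_PROTOCOL"))
        if r["ip"] == "unassigned":
            findings.append((r["name"], "NO_IP"))
    return findings


if __name__ == "__main__":
    r1_used = {"Ethernet0", "Ethernet1", "Serial0", "Serial1"}
    r3_used = {"Serial0/0", "Serial0/1", "Serial0/2", "Serial0/3", "FastEthernet2/0"}
    for router, text, used in (("r1", R1_BRIEF, r1_used), ("r3", R3_BRIEF, r3_used)):
        for name, code in triage(text, used):
            print(f"{router} {name}: {HINTS[code]}")
```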


After you bring your hosts back online, the Fast Ethernet 2/0 status should change from
up/down to up/up. I give that a test in Example 3-13. My Fast Ethernet interface did not come
up when I brought the host online, so follow along to determine the issue.


The first thing I noted was that the network card dongle did not light up for 10 or 100 Mbps.
Next, look at Figure 3-1 and label what type of cable you need if you have the PC connected
directly into the Fast Ethernet port. Category 5 crossover is correct. I fixed the problem by
replacing my original straight-through cable with a crossover Category 5 in-line coupler so that I
could use two short straight-through cables to make my connection. Figure 3-4 shows a picture
of the coupler. In practical application, this is where using colored cables would help you to very
quickly spot the issue. For example, use the normal gray cable for straight-through and use red
for crossovers. Things appear to be working for now in Example 3-13.


Example 3-13. Fast Ethernet 2/0 Status


r3#show run interface fastethernet 2/0
interface FastEthernet2/0
 ip address 192.168.3.1 255.255.255.0
 no ip directed-broadcast
end
07:22:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0,
changed state to up
r3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Serial0/0              192.168.2.2     YES manual up                    up
Serial0/1              192.168.6.2     YES manual up                    up
Serial0/2              192.168.5.2     YES manual up                    up
Serial0/3              10.2.2.1        YES manual up                    up
FastEthernet2/0        192.168.3.1     YES manual up                    up


Figure 3-4. Crossover Category 5 In-line Coupler 


Make sure you have made all corrections, including those that you need for your lab, so that you 
can continue the tests in Example 3-14 for some simple router ping tests. Recall from the 
preceding chapters that ping tests up through Layer 3. 


Example 3-14. Testing the Scenario with Ping 


r1>ping r2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.2, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/4/4 ms
r1>ping r3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
r1>ping r4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
r1>ping r5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms


Next check the routing tables and routing protocols as in Example 3-15 to make sure there is a
route to get to r4.


Example 3-15. r1 Routing Table 


r1>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.4.0/24 is directly connected, Ethernet1
R    192.168.5.0/24 [120/1] via 192.168.2.2, 00:00:02, Serial1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Serial0
R    192.168.6.0/24 [120/1] via 192.168.2.2, 00:00:02, Serial1
C    192.168.1.0/24 is directly connected, Ethernet0
C    192.168.2.0/24 is directly connected, Serial1
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:02, Serial1

r1>show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 3 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    Ethernet0        1     1 2
    Ethernet1        1     1 2
    Serial0          1     1 2
    Serial1          1     1 2
  Routing for Networks:
    10.0.0.0
    192.168.1.0
    192.168.2.0
    192.168.4.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.2.2          120      00:00:02
  Distance: (default is 120)


Continue to think about the issue here; the output contains some pretty useful information
(particularly the shaded areas). However, you should analyze any problems that I specifically
mentioned and fix them now. Check your configurations against mine so that you can return and
continue to test out end-to-end host connectivity. I made a few other minor changes, which I
highlight in the next few examples. Examples 3-16 through 3-21 include the running
configurations for all my routers at this time.


NOTE 


Checking the running and startup configurations is not the most efficient way to 
troubleshoot, but this is a good check to make sure that your configurations are as 
close to mine as possible with your lab environment. For those of you who are relying 
on me for your lab, this gives you an opportunity to analyze the configurations for 
existing and future issues. 


Example 3-16. r1 (2514) Configuration


r1#show running-config
hostname r1
enable password donna
ip subnet-zero
ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
ip host r3 192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
ip host r4 10.2.2.2
ip host r5 10.1.1.2
interface Ethernet0
 description e0 to hosta and hostb
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
interface Ethernet1
 description e1 to r2e0
 ip address 192.168.4.1 255.255.255.0
 no ip directed-broadcast
interface Serial0
 description s0 to r5s0
 bandwidth 64
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
interface Serial1
 description s1 to r3s0/0
 bandwidth 64
 ip address 192.168.2.1 255.255.255.0
 no ip directed-broadcast
router rip
 network 10.0.0.0
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.4.0
ip classless
line con 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password donna
 login
end
r1#


Next look at r2's configuration in Example 3-17. 


Example 3-17. r2 (2501) Configuration 


r2#show running-config
hostname r2
enable password donna
ip subnet-zero
ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
ip host r3 192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
ip host r4 10.2.2.2
ip host r5 10.1.1.2
interface Ethernet0
 description e0 to r1e1
 ip address 192.168.4.2 255.255.255.0
 no ip directed-broadcast
interface Serial0
 description s0 to r3s0/1
 bandwidth 64
 ip address 192.168.6.1 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
interface Serial1
 description s1 to r3s0/2
 bandwidth 64
 ip address 192.168.5.1 255.255.255.0
 no ip directed-broadcast
router rip
 network 192.168.4.0
 network 192.168.5.0
 network 192.168.6.0
ip classless
line con 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password donna
 login
end
r2#


Make any adjustments to your r2, and then analyze the r3 configuration in Example 3-18. 


Example 3-18. r3 (3640) Configuration 


r3#show running-config
hostname r3
enable password donna
ip subnet-zero
ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
ip host r3 192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
ip host r4 10.2.2.2
ip host r5 10.1.1.2
interface Serial0/0
 description s0/0 to r1s1
 bandwidth 64
 ip address 192.168.2.2 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 clockrate 64000
interface Serial0/1
 description s0/1 to r2s0
 bandwidth 64
 ip address 192.168.6.2 255.255.255.0
 no ip directed-broadcast
 clockrate 64000
interface Serial0/2
 description s0/2 to r2s1
 bandwidth 64
 ip address 192.168.5.2 255.255.255.0
 no ip directed-broadcast
 clockrate 64000
interface FastEthernet2/0
 description fa2/0 to hostc
 ip address 192.168.3.1 255.255.255.0
 no ip directed-broadcast
router rip
 network 10.0.0.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.5.0
 network 192.168.6.0
ip classless
line con 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password donna
 login
end
r3#


Descriptions are the only modifications I found necessary and this may seem a little mundane,
but documentation is extremely helpful for troubleshooting. Next analyze the r4 configuration in
Example 3-19.


Example 3-19. r4 (3620) Configuration 


r4#show running-config
hostname r4
enable password donna
ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
ip host r3 192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
ip host r4 10.2.2.2
ip host r5 10.1.1.2
interface Ethernet0/0
 no ip address
 shutdown
interface Serial0/0
 description s0/0 to r3s0/3
 ip address 10.2.2.2 255.255.255.0
 no ip mroute-cache
 bandwidth 64
 clockrate 64000
interface Serial0/1
 no ip address
 shutdown
router rip
 network 10.0.0.0
ip classless
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password donna
 login
end
r4#


Last but not least, compare your r5 configuration to Example 3-20. 


Example 3-20. r5 (2516) Configuration


r5#show running-config
hostname r5
enable password donna
ip subnet-zero
ip host r1 192.168.1.1 192.168.2.1 192.168.4.1 10.1.1.1
ip host r2 192.168.4.2 192.168.5.1 192.168.6.1
ip host r3 192.168.2.2 192.168.5.2 192.168.6.2 192.168.3.1 10.2.2.1
ip host r4 10.2.2.2
ip host r5 10.1.1.2
hub ether 0 1
 link-test
 auto-polarity
interface Serial0
 description s0 to r1s0
 bandwidth 64
 ip address 10.1.1.2 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
 clockrate 64000
router rip
 network 10.0.0.0
ip classless
line con 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 password donna
 login
end
r5#


Although you have tested many things, there is still a problem with the routing table display (as
you witnessed in Example 3-15). There are many ways to fix this problem, and by now I predict
that you thoroughly looked through the configurations and researched your network diagram
(refer to Figure 3-1) to spot the issue of discontiguous subnets.


NOTE 


This is probably an opportune time to review IP classless, because it automatically
showed up in your configurations. It is the default for IOS 12.0 and it very much
affects how the router does a lookup and whether it makes use of a default route even
if one exists. Believe it or not, the ip classless command changes the classful lookup
to classless even for classful routing protocols. At times the router might receive
packets destined for a subnet of a network that has no network default route. To have
the Cisco IOS software forward such packets to the best supernet route possible, use
the ip classless global configuration command. To disable this feature, use the no
form of this command: no ip classless. I'll have you experiment with this in the
Trouble Tickets.


The Routing Information Protocol (RIP) does not support discontiguous subnets, or at least
RIPv1 does not support this. However, what would be the result of changing the routing protocol
to RIPv2? Example 3-21 displays the steps necessary to change the existing RIPv1 to RIPv2 on
r1; repeat these steps on r2 through r5 as well.


Example 3-21. Configuring RIPv2


r1(config)#router rip
r1(config-router)#version ?
  <1-2>  version
r1(config-router)#version 2
r1(config-router)#end

r1#copy running-config startup-config


Test and analyze the results of your configuration. First look at the output of show ip route and
show ip protocols as in Example 3-22 and test with ping as in Example 3-23. Display the
routing table, the IP routing protocols, and ensure that r1 can ping all other routers before you
continue. Compare the results to Figure 3-1 to determine if anything is missing.


NOTE 


I assume you are familiar with the routing table legend that tells you that R is for RIP
and C is for directly connected routes, so I have eliminated that part of the routing
table display in many examples. Refer back to Example 3-15 if you need to review it
again.


Example 3-22. Testing and Analyzing r1 RIPv2 Routes and Protocols


r1#show ip route

C    192.168.4.0/24 is directly connected, Ethernet1
R    192.168.5.0/24 [120/1] via 192.168.2.2, 00:00:13, Serial1
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R       10.0.0.0/8 [120/1] via 192.168.2.2, 00:00:13, Serial1
C       10.1.1.0/24 is directly connected, Serial0
R    192.168.6.0/24 [120/1] via 192.168.2.2, 00:00:13, Serial1
C    192.168.1.0/24 is directly connected, Ethernet0
C    192.168.2.0/24 is directly connected, Serial1
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:13, Serial1

r1#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 1 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface        Send  Recv   Key-chain
    Ethernet0        2     2
    Ethernet1        2     2
    Serial0          2     2
    Serial1          2     2
  Routing for Networks:
    10.0.0.0
    192.168.1.0
    192.168.2.0
    192.168.4.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.2.2          120      00:00:05
  Distance: (default is 120)

r2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.4.0/24 is directly connected, Ethernet0
C    192.168.5.0/24 is directly connected, Serial1
R    10.0.0.0/8 [120/1] via 192.168.4.1, 00:00:05, Ethernet0
                [120/1] via 192.168.6.2, 00:00:16, Serial0
                [120/1] via 192.168.5.2, 00:00:16, Serial1
C    192.168.6.0/24 is directly connected, Serial0
R    192.168.1.0/24 [120/1] via 192.168.4.1, 00:00:05, Ethernet0
R    192.168.2.0/24 [120/1] via 192.168.4.1, 00:00:05, Ethernet0
                    [120/1] via 192.168.6.2, 00:00:16, Serial0
                    [120/1] via 192.168.5.2, 00:00:16, Serial1
R    192.168.3.0/24 [120/1] via 192.168.6.2, 00:00:16, Serial0
                    [120/1] via 192.168.5.2, 00:00:16, Serial1


Perform your ping tests if you like, but you may not be any more successful than you were with
RIPv1 from r2's standpoint. Even if you were, for a hint as to the real issue here, the same thing
would occur if I told you to use Enhanced Interior Gateway Routing Protocol (EIGRP) instead of
RIPv2. The fix is in Example 3-23, so check your thoughts against it and make any necessary
changes to your configurations.


Example 3-23. Turning Off Automatic Summarization and Reviewing 
the Routing Table 


r1(config)#router rip
r1(config-router)#no auto-summary
r1(config-router)#end

r1#copy running-config startup-config

r3(config)#router rip
r3(config-router)#no auto-summary
r3(config-router)#end

r3#copy running-config startup-config

r2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.4.0/24 is directly connected, Ethernet0
C    192.168.5.0/24 is directly connected, Serial1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 192.168.6.2, 00:00:00, Serial0
                 [120/1] via 192.168.5.2, 00:00:00, Serial1
R       10.1.1.0 [120/1] via 192.168.4.1, 00:00:20, Ethernet0
C    192.168.6.0/24 is directly connected, Serial0
R    192.168.1.0/24 [120/1] via 192.168.4.1, 00:00:20, Ethernet0
R    192.168.2.0/24 [120/1] via 192.168.6.2, 00:00:00, Serial0
                    [120/1] via 192.168.5.2, 00:00:00, Serial1
                    [120/1] via 192.168.4.1, 00:00:20, Ethernet0
R    192.168.3.0/24 [120/1] via 192.168.6.2, 00:00:01, Serial0
                    [120/1] via 192.168.5.2, 00:00:01, Serial1


As a result of the no auto-summary command on r1 and r3, Example 3-23 clearly illustrates
that r2 is less confused about where to send the packets destined for network 10.0.0.0.


RIPv2 is classless and RIPv1 is classful. Classless routing protocols—such as RIPv2, EIGRP,
OSPF, and Intermediate System-to-Intermediate System (IS-IS)—support variable-length
subnet masking (VLSM) and summarization. All routing protocols support summarization, but
the classful ones do that in a fixed manner, at the class boundary. Hence in this example, the
routers could not differentiate between 10.1.1.0/24 and 10.2.2.0/24 because a completely
different network separated them. This is what is meant by discontiguous subnets. The "Routing
Protocol" and "Summarization" sections of this chapter provide a little more detail. You can
count on gaining more practical experience with this issue in the Trouble Tickets.
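The effect of summarizing at the class boundary can be reproduced offline. The Python below is an added example, not from the book: it rebuilds r2's RIP-learned routes from this lab's addressing with and without automatic summarization, then does a longest-prefix lookup for r4. It models only the one-hop routes r1 and r3 advertise to r2, and all function and variable names are illustrative.

```python
import ipaddress

# Constructed from this page's lab addressing: the directly connected
# networks of r2's RIP neighbors, keyed by the next-hop address r2 sees.
R1 = ["192.168.1.0/24", "192.168.2.0/24", "192.168.4.0/24", "10.1.1.0/24"]
R3 = ["192.168.2.0/24", "192.168.3.0/24", "192.168.5.0/24",
      "192.168.6.0/24", "10.2.2.0/24"]
NEIGHBORS = {
    "192.168.4.1": ("192.168.4.0/24", R1),  # r1 over r2 Ethernet0
    "192.168.5.2": ("192.168.5.0/24", R3),  # r3 over r2 Serial1
    "192.168.6.2": ("192.168.6.0/24", R3),  # r3 over r2 Serial0
}
R2_CONNECTED = ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24"]


def major_network(net):
    """Return the classful (A/B/C) network that contains net."""
    first_octet = int(net.network_address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{prefix}", strict=False)


def advertised(connected, link, auto_summary):
    """Networks a neighbor announces out the interface attached to link."""
    link_net = ipaddress.ip_network(link)
    routes = set()
    for text in connected:
        net = ipaddress.ip_network(text)
        if net == link_net:
            continue  # shared link: the receiver is already connected to it
        # Auto-summary: crossing a major-network boundary collapses the
        # subnet to its classful network, so the /24 detail is lost.
        if auto_summary and major_network(net) != major_network(link_net):
            net = major_network(net)
        routes.add(net)
    return routes


def build_r2_table(auto_summary):
    """Map each learned prefix to the set of equal-cost next hops on r2."""
    table = {}
    for next_hop, (link, connected) in NEIGHBORS.items():
        for net in advertised(connected, link, auto_summary):
            table.setdefault(net, set()).add(next_hop)
    for own in R2_CONNECTED:  # connected routes beat RIP-learned ones
        table.pop(ipaddress.ip_network(own), None)
    return table


def next_hops(table, destination):
    """Longest-prefix match; returns every next hop r2 may use."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return set()
    return table[max(matches, key=lambda net: net.prefixlen)]


if __name__ == "__main__":
    for label, flag in (("auto-summary", True), ("no auto-summary", False)):
        table = build_r2_table(flag)
        print(label)
        for net in sorted(table, key=lambda n: (int(n.network_address), n.prefixlen)):
            print(f"  R {net} via {', '.join(sorted(table[net]))}")
        print("  r4 (10.2.2.2) ->", sorted(next_hops(table, "10.2.2.2")))
```

With summarization on, the lookup for 10.2.2.2 includes 192.168.4.1 (r1), which has no path to r4; with it off, only the two r3 next hops remain, matching Examples 3-22 and 3-23.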


NOTE 


Just remember that pinging by hostname tries only the first IP in the hosts table.
However, the other addresses in the hosts table (show hosts) are reachable via other
commands, such as telnet. Other interfaces could be down or unreachable and you
wouldn't know about it if you just pinged by hostname. So the show ip interface
brief command complements this. Be wary, however, of the one-way link on Ethernet.
This just means that you may be transmitting (Tx) but not receiving packets (Rx) or
vice versa. Keep in mind that you transmit over one pair and receive over the other, so
the Physical Layer is never exempt from problems even though you know you
connected everything properly.


After you verify router connectivity, move on to verify host-to-host connectivity as in Example
3-24. You may find Table 3-1 to be a helpful guide here. This is a good time to check the interfaces
and routing tables on all your other routers, too. Although I didn't display the output, all of my
routers can ping all my other routers using the configured hosts table.

Example 3-24 displays the host-to-host testing from hosta to hostc. I assume you took time to
configure the appropriate default gateways for your hosts; if not, do that now.


Example 3-24. Testing and Analyzing Host-to-Host Connectivity from hosta to hostc


C:\>ipconfig

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

!!!hosta can ping itself
C:\>ping 192.168.1.11

Pinging 192.168.1.11 with 32 bytes of data:

Reply from 192.168.1.11: bytes=32 time<10ms
Reply from 192.168.1.11: bytes=32 time<10ms
Reply from 192.168.1.11: bytes=32 time<10ms
Reply from 192.168.1.11: bytes=32 time<10ms

Ping statistics for 192.168.1.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

!!!hosta can ping its gateway
C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

!!!hosta can ping hostc
C:\>ping 192.168.3.5

Pinging 192.168.3.5 with 32 bytes of data:

Request timed out.
Reply from 192.168.3.5: bytes=32 time=20ms TTL=126
Reply from 192.168.3.5: bytes=32 time=10ms TTL=126
Reply from 192.168.3.5: bytes=32 time=10ms TTL=126

Ping statistics for 192.168.3.5:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 20ms, Average = 10ms

C:\>


Just in case you have any issues, you might find it helpful to display the host routing tables as in 
Example 3-25. Hosta has a default gateway of its local router interface 192.168.1.1. Hostc has a 
default gateway of 192.168.3.1, which you can verify by issuing the route print or 
ipconfig/winipcfg commands on the host. 


Example 3-25. Testing and Analyzing Host-to-Host Connectivity from 
hosta Continued 


C:\>route print

Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...44 45 53 54 42 00 ...... NOC Extranet Access Adapter
0x1000004 ...00 10 4b a5 ae 50 ...... FE575 Ethernet Adapter

Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
      192.168.1.0    255.255.255.0     192.168.1.11     192.168.1.11
     192.168.1.11  255.255.255.255        127.0.0.1        127.0.0.1
    192.168.1.255  255.255.255.255     192.168.1.11     192.168.1.11
        224.0.0.0        224.0.0.0     192.168.1.11     192.168.1.11
  255.255.255.255  255.255.255.255     192.168.1.11
Default Gateway:       192.168.1.1

Persistent Routes:
  None


Now that you have a working IP scenario, it's time to investigate some of the underlying 
components of the TCP/IP suite. 


Protocols and Packets 


This section covers some of the protocols, applications, and utilities at each layer of the TCP/IP 
suite that may assist you with supporting day-to-day internetworks. First the Internet Layer is 
discussed, then the Transport Layer, and finally the Application Layers. Each layered subsection 
contains protocol analysis and packet captures, including a review of the packet headers, to help 
you better understand the packet traces and prepare you for troubleshooting on your own. 


Table 3-2 and the following subsections provide a layered perspective of many of the
TCP/IP-related protocols, applications, and utilities.


NOTE 


The asterisk (*) next to the protocols in Table 3-2 is just to draw your attention to the 
fact that protocols and applications are written to perform functions. The * denotes 
that these particular protocols, applications, and utilities are generally classified at 
Layer 3 (as discussed in the previous chapters). Although I hesitate to bring it up
because it is such a point of contention, OSPF and EIGRP are not transports; they are 
routing protocol (applications). They run as independent processes/applications. As 
with all applications, the developer can decide to use Transport Control Protocol (TCP) 
or User Datagram Protocol (UDP) or to create his/her own. The latter was done for 
both of these. ARP is similar in this regard; it is not a Network Layer protocol. It is an 
application that bolts directly onto the Data Link Layer. Therefore, it would be more 
accurate to say that the intervening layers are skipped. A whole different way to 
characterize these message types is as control plane, management plane, and data 
plane. This is why I suggested you read the RFCs in the first chapter. However, my
objective here is to briefly review the protocols, applications, and utilities and use a 
protocol analyzer to analyze the layers for troubleshooting purposes. 


Table 3-2. TCP/IP Protocols, Applications, and Utilities


Layer | ISO's OSI Model | DoD TCP/IP Suite       | Protocols, Applications, and Utilities
7     | Application     | Application            | Telnet, NFS, FTP, TFTP, HTTP, DNS, X.500, *RIP, *BGP, *DHCP, ASCII, EBCDIC, JPEG, GIF, NetBIOS, SOCKETS
6     | Presentation    |                        |
5     | Session         |                        |
4     | Transport       | Transport Host-to-Host | TCP, UDP, *OSPF, *EIGRP
3     | Network         | Internet               | IP, ICMP, ARP/RARP
2     | Data Link       | Data Link              | Ethernet, Token Ring, FDDI, Frame Relay, ATM, ISDN, HDLC, over various media types
1     | Physical        | Physical               |


Frame Types 


Encapsulation, frame format, frame type—they all mean the same thing, which is packaging the
upper-layer data, voice, or video into a Layer 2 frame. See Chapter 4, "Shooting Trouble with
Novell IPX," and the detailed Layer 2 LAN and WAN chapters for frame type information. Part III
of this book covers supporting Ethernet, switches, and virtual LANs (VLANs) and Part IV is about
supporting the WAN.


Internet Layer Protocols, Applications, and Utilities 


Internet protocols such as those listed in Table 3-2 are well suited for LAN and WAN
heterogeneous communications. The Internet suite of protocols includes not only TCP and IP but 
also many upper-layer applications and utilities for file, print, messaging, database, and other 
common practical services. 


Ensure that your lab is up and running properly so that you spend your efforts on what happens 
behind the scenes when hosta pings hostc from an IP standpoint. In this section, you turn on 
your Sniffer on segment 1 and at least capture a ping from hosta to hostc so that you can walk 
through the fields in the IP header. 


Example 3-26 lists in bold the recommended steps to perform from hosta while capturing the 
packets with Sniffer Pro or the protocol analyzer you are using for your lab. 


Example 3-26. Steps Performed on hosta While Capturing the Packets with Sniffer Pro


C:\>ping 192.168.3.5

Pinging 192.168.3.5 with 32 bytes of data:

Request timed out.
Reply from 192.168.3.5: bytes=32 time=20ms TTL=126
Reply from 192.168.3.5: bytes=32 time=10ms TTL=126
Reply from 192.168.3.5: bytes=32 time=10ms TTL=126

Ping statistics for 192.168.3.5:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 20ms, Average = 10ms

C:\>ping 192.168.3.5

Pinging 192.168.3.5 with 32 bytes of data:

Reply from 192.168.3.5: bytes=32 time=10ms TTL=126
Reply from 192.168.3.5: bytes=32 time=10ms TTL=126
Reply from 192.168.3.5: bytes=32 time=10ms TTL=126
Reply from 192.168.3.5: bytes=32 time=20ms TTL=126

Ping statistics for 192.168.3.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 20ms, Average = 12ms

C:\>tracert 192.168.3.5

Tracing route to HOSTC [192.168.3.5]
over a maximum of 30 hops:

  1    10 ms   <10 ms   <10 ms  192.168.1.1
  2    20 ms    20 ms    20 ms  192.168.2.2
  3    20 ms    30 ms    30 ms  HOSTC [192.168.3.5]

Trace complete.

C:\>pathping 192.168.3.5

Tracing route to HOSTC [192.168.3.5]
over a maximum of 30 hops:
  0  HOSTA [192.168.1.11]
  1  192.168.1.1
  2  192.168.2.2
  3  HOSTC [192.168.3.5]

Computing statistics for 75 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           HOSTA [192.168.1.11]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1
                                0/ 100 =  0%   |
  2   20ms     0/ 100 =  0%     0/ 100 =  0%  192.168.2.2
                                0/ 100 =  0%   |
  3   20ms     0/ 100 =  0%     0/ 100 =  0%  HOSTC [192.168.3.5]

Trace complete.

C:\>arp -a

Interface: 192.168.1.11 on Interface 0x1000005
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-0c-8d-67-05     dynamic

C:\>


Table 3-3 lists the fields of the IP header (packet or datagram), and Figure 3-5 shows the first 
significant ping lines of the Sniffer packet capture of hosta pinging hostc. Refer to the file 
chapter 3 ping from hosta to hostc sniffer capture. 


Figure 3-5. Hosta ARPs the Router


NOTE


The practical studies lab-based nature of the rest of the material in this book assumes 
some basic knowledge of shooting trouble and working with tools. As necessary, refer 
back to the Chapter 1 encapsulation topic to review the way data is packaged in an IP 
packet. For a review of the Sniffer Pro interface and how to use the tool, refer back to 
Chapter 2, "What's in Your Tool Bag?" 


Table 3-3. The IP Header (Packet or Datagram)


Fields                 | Bits            | Description
Version                | 4               | Version of IP.
Header length          | 4               | Length in 32-bit words (HLEN).
Priority and TOS       | 8 (more detail) | Datagram handling for the upper-layer protocol (delay, throughput, reliability, and cost).
Total length           | 16              | Maximum length of datagram is 65535 bytes (data and header).
Identification         | 16              | Identifies smaller fragments that need to be re-assembled back into the same packet.
Flags                  | 3               | Specify whether packet can be fragmented and whether there are any more fragments.
Fragment offset        | 13              | The order (byte count) of the fragment in the big packet for re-assembly purposes.
TTL                    | 8               | Time-to-live for the packet. When it decrements to 0, the packet is discarded. Keeps packets from looping forever.
Protocol               | 8               | Pointer to the upper-layer protocol.
Header checksum        | 16              | For header integrity.
Source IP address      | 32              | 32-bit sending node.
Destination IP address | 32              | 32-bit receiving node.
Options                | 0-32            | Allows IP to support such options as security, testing, or debugging.
Data                   | Varies          | The actual data and upper-layer information.


View the summary pane to be aware of the general packet flow when hosta initiated a ping to
hostc in Figure 3-5. Hosta is on network 192.168.1.0/24, and hostc is on network
192.168.3.0/24, so hosta relied on its default gateway (local router interface) to hand off
the packets. Line 28 shows the local ARP request as a broadcast command, and line 29 shows
the unicast ARP response from 192.168.1.1 (default gateway). Compare this to the arp -a
output on hosta back in Example 3-26. Lines 30 to 37 illustrate the ICMP Echo Requests and
Echo Replies. Normally, Microsoft hosts issue four requests and four replies, whereas Cisco
routers give you five by default. However, there are not four replies here. Look back at Example
3-26 to analyze why.


Move along to the Echo Request packet on line 32 in Figure 3-6. Notice how I sized my windows
to see more of the detailed IP header. These are the same fields that are in Table 3-3. Compare
them one by one until you are comfortable with the IP packet structure (although this will not be
your last chance to do this). Also note the differences between the Echo Request and the Echo
Reply packet. Figure 3-7 displays the output of an Echo Reply.


Figure 3-6. Analyzing the IP Header of an Echo Request Packet


Figure 3-7. Analyzing the IP Header of an Echo Reply Packet


The main differences you should have noted in the Sniffer traces include the following:


• The source and destination MAC addresses are reversed per the Data Link Control (DLC)
header.

• The source and destination IP addresses are reversed per the IP header.

• The Internet Control Message Protocol (ICMP) type is 8 for the Echo Request and 0 for the
Echo Reply per the ICMP header.
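To check these differences without the analyzer, the Python below decodes the Table 3-3 fields from raw bytes and compares an Echo Request with its Echo Reply. It is an added example, not from the book: both packets are constructed test data using the lab addresses, the request TTL of 128 and the ICMP identifier and sequence values are assumptions, and the function names are illustrative.

```python
import socket
import struct


def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(src, dst, icmp_type, ttl, ident):
    """Construct a sample IPv4 + ICMP echo packet (test data, not a capture)."""
    payload = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 data bytes, as in the pings
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 0x0200, 0x0100) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0,
                         ttl, 1, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + icmp


def parse_ipv4(packet):
    """Decode the Table 3-3 fields and, for ICMP, the message type and code."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IP header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, protocol,
     header_checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_length = (ver_ihl & 0x0F) * 4  # HLEN counts 32-bit words
    if ver_ihl >> 4 != 4 or header_length < 20 or len(packet) < header_length:
        raise ValueError("not a well-formed IPv4 header")
    fields = {
        "version": ver_ihl >> 4,
        "header_length": header_length,
        "tos": tos,
        "total_length": total_length,
        "identification": ident,
        "flags": flags_frag >> 13,                     # top 3 bits
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": protocol,                          # 1 = ICMP
        "header_checksum": header_checksum,
        # A valid header, summed with its checksum field in place, yields 0.
        "header_ok": checksum(packet[:header_length]) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }
    if protocol == 1 and len(packet) >= header_length + 2:
        fields["icmp_type"] = packet[header_length]
        fields["icmp_code"] = packet[header_length + 1]
    return fields


def changed_fields(first, second):
    """Names of the decoded fields whose values differ between two packets."""
    return sorted(key for key in first if first[key] != second.get(key))


# hosta -> hostc request; TTL 128 is an assumed sender default.
REQUEST = build_echo("192.168.1.11", "192.168.3.5", 8, 128, 0x1A01)
# hostc -> hosta reply as seen on hosta's segment; TTL=126 matches the ping output.
REPLY = build_echo("192.168.3.5", "192.168.1.11", 0, 126, 0x2B01)

if __name__ == "__main__":
    request, reply = parse_ipv4(REQUEST), parse_ipv4(REPLY)
    for name in changed_fields(request, reply):
        print(f"{name:16} request={request[name]!s:14} reply={reply[name]}")
```

The TTL difference of 2 in the output lines up with the two router hops in the tracert output, provided hostc also starts at 128.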


Real-world packet analysis should make you a little more comfortable with how IP works, but I'll
certainly test that out in the upcoming Trouble Tickets. IP is the main protocol at the Internet
Layer that has helpers such as ARP and ICMP to assist it with its duties. ARP is for resolving an
IP address to a MAC address, whereas Reverse Address Resolution Protocol (RARP) is for
resolving a MAC address to an IP address. ICMP is for status and error reporting. Look back at
Example 3-26 to see the status lines, such as Reply from..., and the error reporting, such as
Request timed out. Obviously, this is why you didn't have four successful replies in the protocol
analyzer capture. Also note in the example that 192.168.3.5 is nowhere to be found in the ARP
cache; instead, the default gateway IP and MAC addresses are there. Example 3-27 displays the e0
interface on r1 so that you can compare this information. Also note that r1 has hosta
192.168.1.11 in its IP and ARP cache.


Example 3-27. r1 Ethernet 0 |1P and MAC Addresses 


rl#show interfaces ethernet 0 
EthernetO is up, line protocol is up 
Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705) 
Description: e0 to hosta and hostb 
Internet address is 192.168.1.1/24 
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255 
Encapsulation ARPA, loopback not set, keepalive set (10 sec) 
ARP type: ARPA, ARP Timeout 04:00:00 
Last input 00:00:00, output 00:00:09, output hang never 
Last clearing of "show interface" counters never 
Queueing strategy: fifo 
Output queue 0/40, 0 drops; input queue 1/75, 0 drops 
5 minute input rate 0 bits/sec, 0 packets/sec 
5 minute output rate 0 bits/sec, 0 packets/sec 
2358 packets input, 361385 bytes, O no buffer 
Received 1949 broadcasts, 0 runts, O giants, 0 throttles 
QO input errors, 0 CRC, O frame, O overrun, O ignored, 0 abort 
0 input packets with dribble condition detected 
2889 packets output, 320787 bytes, O underruns 


0 output errors, 11 collisions, 2 interface resets 


0 babbles, O late collision, 15 deferred 
OQ lost carrier, O no carrier 
0 output buffer failures, O output buffers swapped out 
rl#show ip cache 
IP routing cache 1 entry, 172 bytes 
5 adds, 4 invalidates, 0 refcounts 
Minimum invalidation interval 2 seconds, maximum interval 5 seconds, 
quiet interval 3 seconds, threshold 0 requests 
Invalidation rate 0 in last second, 0 in last 3 seconds 
Prefix/Length Age Interface Next Hop 
192,.168.1.11/32 03:02:54 Ethernet0O 192.2168 51.17 


rl#show arp 


Protocol Address Age (min) Hardware Addr Type Interface 
Invernet. 192.168.1011 34 0010.4ba5.ae50 ARPA BRthernet0 
Internet 192.168).1..1 = 0000.0c8d.6705 ARPA BRthernet0 
Internet. 192.168)..4.:1 7 0000.0c8d.6706 ARPA BRthernet 1 
Internet 192.168).4.2 42 0000.0c38.a05d ARPA ERthernet1 
r1l# 

NOTE 


ARP is dynamic in nature, but once in a while in troubleshooting you may need to 
manually clear an entry or two. On a router, clear arp-cache does not truly clear the 
table; instead, it refreshes the entire table, and depending on the number of entries 
this could be more of an impact than you intend. Use shut / no shut to remove the 
entries associated with a given interface. On a Windows-based machine, the command 
is arp -d ip-address to remove a particular address. 


I want to continue the layered approach to discussing TCP/IP, so next the discussion moves up 
the stack to the Transport Layer. After I discuss the Transport and Application Layers, I spend a 
bit more time on addressing and protocols before venturing into the Trouble Tickets. 


Transport (Host-to-Host) Layer Protocols, Applications, and Utilities 


Recall from the OSI model in Chapter 1, the Transport Layer is all about host-to-host delivery. 
TCP and UDP are the Transport Layer twins. TCP is connection-oriented (logical connection) and 
reliable (ACKs). 


UDP, like IP at the Internet Layer, is connectionless and unreliable; therefore it relies on the 
upper layers for reliability. TCP is like the certified mail protocol, whereas UDP is like the regular 
mail (or better yet, bulk mail) protocol. 


UDP is connectionless, which means it does not require an established connection before 
communications can occur. It is unreliable at the Transport Layer, which means that its 
reliability is left up to the application. Compare the TCP and UDP packet formats in Tables 3-4 
and 3-5. 


NOTE 


Perhaps the word unreliable is a bit harsh for UDP. What I mean is that UDP is not 
reliable because it has no built-in mechanism to detect and overcome errors, so it must 
hand off to an upper-layer protocol to perform that task. 


Table 3-4. The TCP Segment 


Fields                 Bits    Description 
Source Port            16      Sending port. 
Destination Port       16      Receiving port. 
Sequence Number        32      Tracks byte transfer. 
Acknowledgment Number  32      Confirms byte transfer. Forward referenced and expectational in 
                               that it contains the sequence number of the next byte expected. 
Data Offset            4       Number of 32-bit words in the header. 
Reserved               6       For future use. 
Flags                  6       Flags of TCP: Synchronization (SYN), Acknowledgement (ACK), 
                               Finish (FIN), Push (PSH), Urgent (URG), Reset (RST). 
Window Size            16      How many bytes are sent per segment. Size of sender's receive 
                               window. Incoming buffer space. (How many pizzas can you put 
                               in the warming bag if you are the delivery person?) 
Checksum                       Sender generates and receiver verifies to see whether the 
                               header was damaged in transit. 
Urgent Pointer                 Points to first urgent data byte, such as Ctrl+Z to end urgent 
                               data. 
Options                32      Various options must end on a 32-bit boundary, and padding 
                               guarantees this. 
Data                   Varies  Upper-layer information. 


Table 3-5. The UDP Datagram 


Fields            Bits    Description 
Source Port       16      Sending port 
Destination Port  16      Receiving port 
UDP Length        16      Data and header 
Checksum          16      Optional 
Data              Varies  Upper-layer information 


The 20-byte TCP header is a lot more sophisticated than the 8-byte UDP header, as you will 
again confirm with Sniffer. First, open the previous Sniffer Pro trace where you issued the ping 
and tracert commands in Example 3-26. I named my file chapter 3 ping from hosta to hostc 
sniffer capture. Use this file to analyze the layers or refer to Figure 3-8, in which I emphasize the 
layers of a RIP packet. 


Figure 3-8. Analyzing the RIP Packet at Layers 2, 3, and 4 

Although the focus in this subsection is the Transport Layer, remember that each layer depends 
on the functionality of another layer to carry out communications. The Sniffer trace certainly 
illustrates that. For example, the RIP packet at the Data Link Layer is a good example of 
multicast communications. RIPv2 works via multicast address 01005E000009 at Layer 2, 
whereas RIPv1 works via broadcast, which would be shown as all Fs at Layer 2. The EtherType is 
0800, which tells the Data Link Layer to hand off to IP at the Internet Layer for further 
processing. 


Review the IP header fields—Version, Header length, TOS, Total length, Identification, Flags, 
Fragment offset, TTL, Protocol, Checksum, Addresses, and Options. The IP header contains the 
Protocol field to hand off to at the next layer in the stack. In Figure 3-8, for example, the 
protocol number is 17, which means to hand up to UDP. The source address is the Ethernet 0 
interface on r1, and the destination is again the reserved multicast address of 224.0.0.9 for 
RIPv2, but this time at the Internet Layer. 


IANA has reserved addresses from 224.0.0.0 through 224.0.0.255, such as those in Table 3-6, 
for local multicasts. 


Table 3-6. Local Multicast Addresses 


Multicast Address  Description 
224.0.0.1          All systems on this subnet 
224.0.0.2          All routers on this subnet 
224.0.0.5          OSPF routers 
224.0.0.6          OSPF designated routers 
224.0.0.9          RIPv2 


Globally scoped addresses from 224.0.1.0 through 238.255.255.255 can be used to multicast 
data between organizations and across the Internet. An example of an IANA reserved address is 
224.0.1.1 for Network Time Protocol (NTP). 


NOTE 


Refer to www.iana.org/assignments/multicast-addresses for more information and 
examples. 


In addition, IANA owns a block of Ethernet MAC addresses that start with 01:00:5E, where half 
of the block (0100.5e00.0000 through 0100.5e7f.ffff) is allocated for multicast addresses. In the 
Ethernet address, 23 bits correspond to the IP multicast group address. Search for "ethernet 
mac multicast" at Cisco.com to get a detailed explanation and pictures. With this mapping, the 
upper 5 bits of the IP multicast address are dropped and the resulting address is not unique, 
which results in different multicast group IDs that all map to the same Ethernet address. The 
Internet Group Management Protocol (IGMP) dynamically registers individual hosts in a 
multicast group. The hosts send IGMP messages to their router. The routers listen and 
periodically send out queries to discover which groups are active or inactive on a particular 
subnet. 
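The 23-bit mapping described above can be checked directly. The following Python sketch is an added example, not part of the original text, and its function names are illustrative. It maps a group address to its Ethernet address and lists the 32 groups that collapse onto one MAC, which is why a frame addressed to 0100.5e00.0009 is not necessarily RIPv2.

```python
from __future__ import annotations

import ipaddress

# 01:00:5e followed by a zero bit; the low 23 bits carry the group address.
IANA_MCAST_MAC_BASE = 0x01005E000000
LOW23 = 0x7FFFFF
GROUP_BASE = int(ipaddress.IPv4Address("224.0.0.0"))


def _format_mac(value: int) -> str:
    """Render a 48-bit integer as colon-separated hex octets."""
    return ":".join(f"{(value >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def multicast_ip_to_mac(ip: str) -> str:
    """Map an IPv4 multicast group to its Ethernet multicast address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not in 224.0.0.0/4")
    # The 4-bit 1110 prefix and the next 5 bits are dropped; 23 bits survive.
    return _format_mac(IANA_MCAST_MAC_BASE | (int(addr) & LOW23))


def candidate_groups_for_mac(mac: str) -> list[str]:
    """List every IPv4 group that could have produced this Ethernet address.

    Accepts colon, dash, or Cisco dotted notation (0100.5e00.0009).
    """
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"{mac} is not a 48-bit MAC address")
    value = int(digits, 16)
    if value >> 23 != IANA_MCAST_MAC_BASE >> 23:
        raise ValueError(f"{mac} is outside 0100.5e00.0000 - 0100.5e7f.ffff")
    low23 = value & LOW23
    # Re-insert each of the 32 possible values of the 5 dropped bits.
    return [
        str(ipaddress.IPv4Address(GROUP_BASE | (dropped << 23) | low23))
        for dropped in range(32)
    ]


if __name__ == "__main__":
    print("224.0.0.9 ->", multicast_ip_to_mac("224.0.0.9"))
    for group in candidate_groups_for_mac("0100.5e00.0009")[:4]:
        print("  shares that MAC:", group)
```

When a capture filter or switch entry is keyed on the Layer 2 multicast address alone, confirm the group at the Internet Layer before attributing the traffic to a protocol.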


The Transport Layer contains the fields listed in Table 3-5 for the UDP datagram. RIP works via 
UDP port 520, which is clearly revealed here. UDP port 520 is how the Transport Layer hands off 
to the Application Layer for RIP communications (as discussed in more detail later). For now, 
look at the details of TCP. 


TCP provides end-to-end full-duplex delivery, flow control through windowing, and error- 
detection and -correction services. Data moves in a continuous byte stream, in which bytes are 
identified by sequence numbers. TCP hides lower-layer intricacies from the upper layers on the 
receiving host. It segments and re-assembles data for upper-layer applications based on various 
port numbers. Unlike UDP, however, a 3-way handshake must occur before communications can 
begin. This establishes the virtual connection between the two communicating parties (see 
Figure 3-9). 


Figure 3-9. The TCP 3-Way Handshake Sequence 


hosta (192.168.1.0/24)                                 r1 (.1) 

ARP Request  -------------------------------------->   (local broadcast) 
(unicast)    <--------------------------------------   ARP Reply 

1  Syn      D=23    S=1079  SEQ=...2607                ----> 
2  Syn Ack  D=1079  S=23    ACK=...2608  SEQ=...3396   <---- 
3  Ack      D=23    S=1079  ACK=...3397                ----> 


A good example of an application that uses TCP is telnet. Try it out and telnet from hosta (at the 
command prompt) to r1. Capture your results with Sniffer (see Figure 3-10). Save the Sniffer file 
as chapter 3 telnet from hosta to r1 sniffer capture so that you can refer back to it later. Analyze 
your own capture or look at my Sniffer trace. It may prove helpful to use the Sniffer output to 
label the 3-way handshake in Figure 3-9, including flags, ports, sequence, and 
acknowledgement numbers. 


Figure 3-10. Analyzing Telnet and the 3-Way Handshake 

In the preceding example, hosta was configured with the local router IP address as its default 
gateway. Because of this, hosta sent an ARP request packet to its default gateway to learn the 
MAC address of the Ethernet 0 interface on r1. The command arp -a on the host would have 
shown this, whereas show ip arp is the command on the router. ARP frames are not part of the 
3-way handshake or TCP session, but are certainly required for hosta to transmit data. 


Study TCP in the Sniffer capture and drawing. It is often referred to as the 3-way handshake. 
Step 1 of the 3-way handshake (SYN) is like me introducing myself to you and giving you my 
basic communication parameters so that we can talk. Step 2 is like you saying, "Okay (ACK), 
Donna, I want to talk, too; here are my communication parameters (SYN)." Step 3 is my okay 
(ACK) to you. After a 3-way handshake, the two communicating parties are virtually connected 
and TCP communications can then occur. Some applications require multiple handshakes. A 
bona fide example is anything involving the World Wide Web (WWW). Every time you click a link 
on a web page, another TCP session starts. Another example is a phone call. The connection is 
set up and you talk; then the logical connection is torn down and is available for someone else. 


Next look a little closer at the exact packets in the Sniffer capture for the 3-way handshake. You 
can glean a lot from the summary pane on this one, but the detail pane is shown as well. The 
shaded line 7 starts the handshake described in Figure 3-9. It shows the SYN from hosta 
(192.168.1.11) to the router (192.168.1.1). The source port (S) is random (ephemeral) port 
number 1079, but the destination port is the well-known port number 23 for telnet. 


Ports are places to leave stuff for applications to pick up, as you will continue to see throughout 
this book. A client typically establishes a port within the first 4 bytes of the Transport Layer header. 
Notice how the ports reverse depending on who is doing the talking, hosta or the router. Line 8 
shows the router responding back to hosta with ACK number ...2608, which if you look close is 
one more than the previous SEQ number of ...2607. The SEQ of Step 2 of the handshake is 
...3396. Step 3 of the handshake in line 9 ACKs the previous SEQ number with ...3397. When the 
TCP session has been established, the numbers increment by the actual number of bytes 
transferred. 
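The sequence and acknowledgement arithmetic walked through above can be verified mechanically. This Python sketch is an added example, not part of the original text: it parses the fixed 20-byte header from Table 3-4 and checks the three handshake segments against each other. The full sequence numbers are constructed so that they end in the digits shown in Figure 3-9; the function names and window value are illustrative.

```python
import struct

# Flag bits in the low 6 bits of the 16-bit offset/reserved/flags word (Table 3-4).
URG, ACK, PSH, RST, SYN, FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
TCP_FIXED = struct.Struct("!HHIIHHHH")  # 20-byte header without options


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed part of a TCP header into named fields."""
    if len(raw) < TCP_FIXED.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = TCP_FIXED.unpack_from(raw)
    data_offset = off_flags >> 12
    if data_offset < 5:
        raise ValueError("data offset below the 5-word minimum")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "header_len": data_offset * 4,
            "window": window}


def build_tcp_header(sport, dport, seq, ack, flags, window=4288) -> bytes:
    """Build a constructed header for the sample data (checksum left at 0)."""
    return TCP_FIXED.pack(sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)


def check_handshake(syn_raw: bytes, synack_raw: bytes, ack_raw: bytes) -> list:
    """Return a list of problems; an empty list means a consistent handshake."""
    s1, s2, s3 = (parse_tcp_header(r) for r in (syn_raw, synack_raw, ack_raw))
    control = SYN | ACK | FIN | RST
    problems = []
    if (s1["flags"] & control) != SYN:
        problems.append("step 1 is not a bare SYN")
    if (s2["flags"] & control) != (SYN | ACK):
        problems.append("step 2 is not SYN+ACK")
    if (s2["sport"], s2["dport"]) != (s1["dport"], s1["sport"]):
        problems.append("step 2 ports are not the reverse of step 1")
    # Sequence numbers are 32-bit counters, so the +1 wraps at 2**32.
    if s2["ack"] != (s1["seq"] + 1) % 2**32:
        problems.append("step 2 ACK is not client SEQ + 1")
    if (s3["flags"] & control) != ACK:
        problems.append("step 3 is not a bare ACK")
    if (s3["sport"], s3["dport"]) != (s1["sport"], s1["dport"]):
        problems.append("step 3 ports differ from step 1")
    if s3["ack"] != (s2["seq"] + 1) % 2**32:
        problems.append("step 3 ACK is not server SEQ + 1")
    if s3["seq"] != (s1["seq"] + 1) % 2**32:
        problems.append("step 3 SEQ is not client SEQ + 1")
    return problems


# Constructed sample: only the trailing digits (...2607, ...3396) come from the figure.
CLIENT_ISN = 1_400_002_607
SERVER_ISN = 2_900_003_396
SAMPLE_HANDSHAKE = (
    build_tcp_header(1079, 23, CLIENT_ISN, 0, SYN),
    build_tcp_header(23, 1079, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK),
    build_tcp_header(1079, 23, CLIENT_ISN + 1, SERVER_ISN + 1, ACK),
)

if __name__ == "__main__":
    for step, raw in enumerate(SAMPLE_HANDSHAKE, start=1):
        print(step, parse_tcp_header(raw))
    print("problems:", check_handshake(*SAMPLE_HANDSHAKE))
```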


Instead of analyzing the telnet details, I want you to pay attention to the TCP session tear down 
next. Open your Sniffer capture and refer to the very end of the file as I illustrate in Figure 3-11. 


Figure 3-11. TCP Session Disconnect 

Frame 132 starts the TCP disconnect with the FIN flag from the router. Hosta ACKs in frame 133 
and says, "Hey, I am also finished," in frame 134 (FIN). The router gives the final ACK in the last 
frame. A 4-way disconnect like this is common. 


Next I want you to think outside the box a little. What would have happened if the default 
gateway was not configured on the host or if the router was not local in the preceding testing? 
You can give me the number one phrase that most support people give, which is, it depends; as 
usual, however, I'll cringe at that answer. In many cases, however, that is the best answer. 
Actually, the packets may still get to their destination assuming proxy ARP is enabled on the 
router and that hosta will ARP for nonlocal destinations. 


Proxy ARP helps hosts reach remote subnets without configuring routing or a default gateway. 
Configuring the host with a smaller subnet mask would make the host ARP for everything and 
thus send all packets via the router. The router just replies to the host with its MAC address 
assuming that it is configured to accept and respond to proxy ARP. Obviously, there are security 
and overhead disadvantages to proxy ARP. The Cisco IOS interface command no ip proxy-arp 
turns this off and is shown in Example 3-28. 


Example 3-28. Proxy ARP 


r1#show run interface ethernet 0 
interface Ethernet0 
 description e0 to hosta and hostb 
 ip address 192.168.1.1 255.255.255.0 
 no ip directed-broadcast 
end 
r1#configure terminal 
r1(config)#interface ethernet 0 
r1(config-if)#no ip proxy-arp 
r1(config-if)#end 
r1#show run interface ethernet 0 
interface Ethernet0 
 description e0 to hosta and hostb 
 ip address 192.168.1.1 255.255.255.0 
 no ip directed-broadcast 
 no ip proxy-arp 
end 
r1#configure terminal 
r1(config)#interface e0 
r1(config-if)#ip proxy-arp 
r1(config-if)#end 


Prior to the thinking outside the box exercise, you were working with telnet, which is an 
application based on TCP port 23. TCP port 23 is the pointer from the Transport Layer to the 
Application Layer, just as the IP packet contains a protocol number such as 6 to link to the 
Transport Layer TCP protocol for further processing. Figure 3-12 shows this layer linkage for the 
UDP and TCP applications you previously examined. You can always compare this to your saved 
Sniffer traces to validate the theory from the lower layers to the upper layers. 


Figure 3-12. Protocols, Applications, and Utilities 

Many applications have well-known port numbers assigned. Ports greater than 1024 are referred 
to as ephemeral, random, short-lived, or temporary, whereas numbers below 1024 are 
considered well-known ports. 
Figure 3-13, www.iana.org, and RFC 1700 provide you with more detail. Ports are often 
categorized as follows: 

• 0-1023 Well-known 

• 1024-49151 Registered 

• 49152-65535 Dynamic (private) 


Figure 3-13. Application Port Numbers 

As you have seen in the previous subsections, after you have eliminated Physical Layer issues, 
protocol connections are troubleshooting targets that must be considered. After the protocol 
connections have been confirmed as operational, it is time to move up to the Application Layers. 
I could not begin to cover the vast variety of upper-layer applications in use today, but I will 
introduce some of the major Application Layer protocols of the TCP/IP suite. 


Upper-Layer Protocols, Applications, and Utilities 


This subsection covers applications such as telnet, FTP, TFTP, SMTP, POP3, DNS, SNMP, RIP, 
HTTP, HTTPS, and DHCP. Obviously, these are not the only applications you will need to 
troubleshoot, but they are very common. 


First look at the terminal emulation protocol telnet from an application perspective. Review 
Figures 3-9 and 3-10 and your Sniffer capture file (chapter 3 telnet from hosta to r1 sniffer 
capture). Figure 3-14 illustrates the telnet session from hosta on port 1079 to r1 on port 23. Line 
10 starts the telnet session, which was dependent on the TCP 3-way handshake in lines 7, 8, and 
9. Notice the echo, window size, and terminal negotiation in lines 10 to 15. Frame 12 is waiting 
for the login that eventually appears in lines 17 to 25 one character at a time. In addition, notice 
how, after the user-level password, I typed the necessary command and password to get into 
enable mode. Although I do not show all this in the screen capture of Figure 3-14, if you have 
your own file you can see the rest of the commands that were typed on the router, letter for 
letter. It is pretty obvious here that the standard telnet programs do not encrypt the login 
information, and I doubt that this is what you want people to see when you telnet to your 
devices to configure them. In the real-world application of telnet where security is more of a 
concern, many people use secure telnet programs (Secure Shell [SSH] port 22). Examples 
include SecureCRT, CommNet, and PuTTY.SSH. 


Figure 3-14. Telnet from an Application Perspective 

Next look at TFTP and FTP. As I illustrated in Figure 3-13, TFTP typically operates over UDP port 
69, and FTP typically operates over TCP port 21 for control and 20 for data. When I say typically, 
I really mean that this is entirely up to the developer. FTP and TFTP are very useful applications 
in the support environment. For instance, what happens if you lose the configuration on one of 
your routers? Hopefully, you have an automated way to restore it instead of having to type in 
the configuration line-for-line. 


To test TFTP, I am using a freeware program called PumpKin in Figure 3-15. You can download 
PumpKin, set up another router as a TFTP server, or use any TFTP application you like. I started 
and configured PumpKin to put and get all files, started a new Sniffer capture, and proceeded to 
copy my r1 configuration file to the TFTP server for this test. You should even go a few steps 
further to wipe your configuration with the erase startup-config or write erase command to 
ensure this really works. After all, this is the type of thing you should do in a lab environment 
many times so that you are prepared for the unexpected. Use Example 3-29 as a guide for this 
exercise. 


Figure 3-15. Using PumpKin for a TFTP Server 

NOTE 


The shaded output in Example 3-29 is not required for the TFTP exercise. It is meant to 
review that the effect of copying anything to the running configuration is a merge 
rather than a replace to the existing configuration. 


Save the Sniffer file as chapter 3 tftp from r1 to hosta and back sniffer capture for further 
review. 


NOTE 


Just as I am in the habit of typing write mem (wr) to save my running configuration 
to the startup configuration, I typically type write erase (wr er) to erase the startup. 
However, write mem and write erase are the old way; copy running-config 
startup-config and erase startup-config are the newer (10.3+) commands. I 
thought I would point this out in case you see the old commands in some of my 
examples or Sniffer traces. 


Example 3-29. Copying r1 Configuration to a TFTP Server 


r1#copy running-config tftp 
Address or name of remote host []? 192.168.1.11 
Destination filename [running-config]? hosta-config 
1093 bytes copied in 5.888 secs (218 bytes/sec) 
r1#erase startup-config 
Erasing the nvram filesystem will remove all files! Continue? [confirm] 
[OK] 
Erase of nvram: complete 
!!!The next 2 shaded commands are not necessary for the tftp exercise 
!!!However, it is a good time to review when files are replaced or 
!!!just modified. 
r1#copy startup-config running-config 
Destination filename [running-config]? 
r1#show running-config 
Building configuration... 
Current configuration: 
version 12.0 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
hostname r1 
enable password donna 
ip subnet-zero 
io Host rl. VIZ LTS. TOSI 682.1 192. 68.4 ol. Og ted 
ip host 22 192.168.4220 19221682501 192268621 
Lp Host 3 VISES 2.2.2 1922168. 5.2 192. 168nG02 LOZ. 66.3.1, 1Oee 21 
ip host r4 10.2.2.2 
ip host r5 10.1.1.2 


Next reload the router as in Example 3-30. 


Example 3-30. Reloading the Router 


r1#reload 
Proceed with reload? [confirm] 
02:21:13: %SYS-5-RELOAD: Reload requested 
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE 
Copyright 1986-1995 by cisco Systems 
2500 processor with 2048 Kbytes of main memory 
F3: 7464832+102636+503004 at 0x3000060 

Restricted Rights Legend 

Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(5), RELEASE SOFTWARE (fc1) 
Copyright 1986-1999 by cisco Systems, Inc. 
Compiled Tue 15-Jun-99 19:57 by phanguye 
Image text-base: 0x0303D744, data-base: 0x00001000 
cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory. 
Processor board ID 03074719, with hardware revision 00000000 
Bridging software. 
X.25 software, Version 3.0.0. 
2 Ethernet/IEEE 802.3 interface(s) 
2 Serial network interface(s) 
32K bytes of non-volatile configuration memory. 
8192K bytes of processor board System flash (Read ONLY) 
%Error opening tftp://255.255.255.255/network-confg (Timed out) 
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) 
SETUP: new interface Ethernet0 placed in "shutdown" state 
SETUP: new interface Ethernet1 placed in "shutdown" state 
%Error opening tftp://255.255.255.255/network-confg (Timed out) 
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out) 
%Error opening tftp://255.255.255.255/router-confg (Timed out) 
%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out) 
Press RETURN to get started! 
00:03:45: %SYS-5-RESTART: System restarted -- 
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(5), RELEASE SOFTWARE (fc1) 
Copyright 1986-1999 by cisco Systems, Inc. 
Compiled Tue 15-Jun-99 19:57 by phanguye 
Router> 
Router>enable 
Router#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z. 
Router(config)#interface ethernet 0 
Router(config-if)#ip address 192.168.1.1 255.255.255.0 
Router(config-if)#no shut 
Router(config-if)#end 


Now copy the file from the TFTP server to r1 as in Example 3-31. By the way, a router with no 
configuration is often referred to as a router out of the box (ROTB). 


Example 3-31. Copying the Configuration from the TFTP Server 


Router#copy tftp running-config 
Address or name of remote host []? 192.168.1.11 
Source filename []? hosta-config 
Destination filename [running-config]? 
Accessing tftp://192.168.1.11/hosta-config... 
Loading hosta-config from 192.168.1.11 (via Ethernet0): ! 
[OK - 1093/2048 bytes] 
1093 bytes copied in 5.124 secs (218 bytes/sec) 
r1#copy running-config startup-config 
Destination filename [startup-config]? 
Building configuration... 


NOTE 


Remember to stop and save the Sniffer file as chapter 3 tftp from r1 to hosta and back 
sniffer capture. 


In the preceding example, I copied my file to a TFTP server and made sure it was really there. 
Then I performed an erase start on the router to erase the startup configuration. When I tried 
to overwrite the running configuration with the startup configuration, however, it acted as a 
merge, which is what you should expect. To really get rid of the running configuration, you must 
reload the router; so I did. When the router came back up, it had no configuration, but it was 
certainly looking for one (as you can see from the shaded output in Example 3-30). Next I 
configured the IP address on the Ethernet 0 interface and issued a no shut. If the TFTP server 
were not local, a default gateway would be required as well. Now that I had TCP/IP 
communications, I continued and copied the configuration file from the TFTP server back to the 
router and saved the configuration. 


TFTP and FTP can assist you with saving configurations and IOS images depending on your IOS 
version. To explore the differences, save the TFTP capture or refer to my Sniffer files to later 
compare it to FTP. Make a list of the major differences as you observe the two applications. 


Before you experiment with FTP, take a few minutes to decode the TFTP Sniffer capture. The 
shaded line in Figure 3-16 highlights a TFTP write request, which Sniffer portrays as opcode 2 in 
the detail pane. Lines 63 to 69 include the actual file transfer. Line 64 is an opcode 3 and is the 
first data packet transfer. Notice that the first block, or 512 bytes, of data was transferred and 
line 65 is the application acknowledgement to the first data packet with an opcode 4. Table 3-7 
lists the common opcodes. 


Figure 3-16. TFTP Write Request 

[Figure: Sniffer summary and detail panes. The detail pane shows IP protocol 17 (UDP), UDP 
destination port 69 (TFTP), and the TFTP fields Opcode = 2 (Write request) and File name = 
"hosta-config".] 


NOTE 


My TFTP Sniffer captures have an error in them because of an old Sniffer bug. In 
Figures 3-16 and 3-17, for example, frame 60 must actually follow frames 61 and 62. I 
prefer not to doctor my Sniffer capture but rather tell you that it's not possible for it to 
behave as shown. 


Figure 3-17. TFTP Clear Text 

Table 3-7. OpCodes 


OpCode Text    OpCode Number 
Read request   1 
Write request  2 
Data           3 
Ack            4 
Error          5 


Also note that the Sniffer trace does not in any way hide the configuration while it is transferring. 
Figure 3-17 shows the ending configuration, including passwords. Notice how you can read the 
entire configuration file when you open each data packet individually. 


Using the Sniffer capture, take a few minutes to draw a simple picture of what happens when 
you transfer a file using TFTP. Include communications between r1 and hosta, including line 
numbers, ports, and opcodes, as I did in Figure 3-18. 


Figure 3-18. TFTP Communications 

Many UDP-based applications such as some implementations of TFTP and DNS use a fixed data 
length (such as 512 bytes) to operate, but the maximum per segment is 65535 bytes. 
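To see why the capture exposes the configuration, it helps to decode the TFTP payloads yourself. This Python sketch is an added example, not part of the original text: it decodes the opcodes from Table 3-7, reassembles the 512-byte data blocks of a write transfer, and reports credential lines that crossed the wire in clear text. The sample transfer is constructed (a 1093-byte stand-in for hosta-config with a placeholder password, and "octet" as the assumed transfer mode); the function names are illustrative.

```python
import re
import struct

OPCODES = {1: "Read request", 2: "Write request", 3: "Data", 4: "Ack", 5: "Error"}
BLOCK_SIZE = 512  # a data block shorter than this ends the transfer
# Credential-bearing IOS lines of the kind shown in this chapter's examples.
SECRET_LINE = re.compile(r"(enable (password|secret)|ip ftp password)\s+\S+", re.I)


def decode_tftp(payload: bytes) -> dict:
    """Decode one TFTP message carried in a UDP payload."""
    if len(payload) < 4:
        raise ValueError("TFTP message too short")
    (opcode,) = struct.unpack_from("!H", payload)
    if opcode not in OPCODES:
        raise ValueError(f"unknown opcode {opcode}")
    msg = {"opcode": opcode, "name": OPCODES[opcode]}
    if opcode in (1, 2):
        # Requests carry a NUL-terminated file name followed by a NUL-terminated mode.
        parts = payload[2:].split(b"\x00")
        if len(parts) < 3:
            raise ValueError("request lacks NUL-terminated file name and mode")
        msg["filename"] = parts[0].decode("ascii", "replace")
        msg["mode"] = parts[1].decode("ascii", "replace").lower()
    elif opcode == 3:
        (msg["block"],) = struct.unpack_from("!H", payload, 2)
        msg["data"] = payload[4:]
        if len(msg["data"]) > BLOCK_SIZE:
            raise ValueError("data block longer than 512 bytes")
    elif opcode == 4:
        (msg["block"],) = struct.unpack_from("!H", payload, 2)
    else:
        (msg["code"],) = struct.unpack_from("!H", payload, 2)
        msg["message"] = payload[4:].split(b"\x00")[0].decode("ascii", "replace")
    return msg


def reassemble(payloads) -> tuple:
    """Return (file name, file bytes, complete?) for one captured transfer."""
    filename, blocks, complete = None, {}, False
    for payload in payloads:
        msg = decode_tftp(payload)
        if msg["opcode"] in (1, 2):
            filename = msg["filename"]
        elif msg["opcode"] == 3:
            blocks.setdefault(msg["block"], msg["data"])  # ignore retransmissions
            if len(msg["data"]) < BLOCK_SIZE:
                complete = True
    return filename, b"".join(blocks[n] for n in sorted(blocks)), complete


def cleartext_secrets(data: bytes) -> list:
    """List configuration lines that reveal a credential."""
    lines = (line.strip() for line in data.decode("ascii", "replace").splitlines())
    return [line for line in lines if SECRET_LINE.match(line)]


def build_write_transfer(filename: str, data: bytes) -> list:
    """Construct the payload sequence of a write transfer (sample data only)."""
    packets = [struct.pack("!H", 2) + filename.encode() + b"\x00octet\x00",
               struct.pack("!HH", 4, 0)]
    for block, start in enumerate(range(0, len(data) + 1, BLOCK_SIZE), start=1):
        packets.append(struct.pack("!HH", 3, block) + data[start:start + BLOCK_SIZE])
        packets.append(struct.pack("!HH", 4, block))
    return packets


# Constructed sample: 1093 bytes, padded with "!" comment lines.
_BASE = ("version 12.0\nno service password-encryption\nhostname r1\n"
         "enable password EXAMPLE-ONLY\n")
SAMPLE_CONFIG = ((_BASE + "!\n" * 600)[:1089] + "end\n").encode()
SAMPLE_PACKETS = build_write_transfer("hosta-config", SAMPLE_CONFIG)

if __name__ == "__main__":
    name, data, done = reassemble(SAMPLE_PACKETS)
    print(name, len(data), "bytes, complete:", done)
    print("exposed:", cleartext_secrets(data))
```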


NOTE 


In the Cisco environment, you may need to use FTP to update large IOS images (over 
16 MB) or transfer larger files. A more likely reason to use FTP over TFTP is that the 
latter operates in a ping-pong, request/response fashion with no windowing, which 
greatly impacts throughput in high-latency paths. In addition, the retransmit timers 
are fixed, so they do not adapt to the round-trip time as does TCP. 


As you verified in the previous figures, TFTP transfers text in the clear. Use FTP to perform the 
same file transfer as in the TFTP exercise. Actually, I transferred the configuration from r1 and r2 
to the FTP server in my test. Any FTP application is appropriate. I am using 3CDaemon in Figure 
3-19, a freeware program I downloaded from 
support.3com.com/infodeli/swlib/utilities_for_windows_32_bit.htm for the lab in Example 3-32. 
Use Sniffer to capture the results, analyze your findings, list or draw a picture of what happens 
when you transfer a file using FTP, and, last but not least, compare the two IP-based 
applications. 


Example 3-32. Copying r1 and r2 Configuration to an FTP Server 


r1(config)#ip ftp username anonymous 
r1(config)#ip ftp password donna@shoretraining.com 
r1(config)#end 
r1#copy running-config startup-config 
r1#copy running-config ftp 
Address or name of remote host []? 192.168.1.11 
Destination filename [running-config]? r1-config 
Writing r1-config ! 
1169 bytes copied in 8.836 secs (146 bytes/sec) 


Figure 3-19. FTP Server Software 

I did not take the time to erase my configuration and test this out as I did with the TFTP 
example. If you need more practice, you can do just that. My chapter 3 ftp from r1 and r2 to 
hosta sniffer capture file displays in Figure 3-20. Follow the TCP sessions and data transfer, 
including the sequence and acknowledgement numbers for a review. 


Figure 3-20. FTP Write Request 

Feel free to draw a more specific picture with line numbers, ports, and sequence and 
acknowledgement numbers. However, the following gives a general picture of how FTP works: 


• ARP and TCP 3-way handshake (FTP control port 21) 

• FTP user login (anonymous) and password (donna@shoretraining.com) 

• TCP 3-way handshake (FTP data transfer port 20) 

• FTP data transfer (clear text) 

• Session tear down (data port 20) 

• Session tear down (control port 21) 


The main difference is that the program I used for the test does not use an individual port 20 for 
each data transfer, but instead uses a separate ephemeral port. 


NOTE 


Actually my FTP client specified a PASV (passive) transfer mode, and the 3CDaemon 
server supported it. This makes FTP a little confusing because, as I just illustrated, the 
data port is not always port 20. In passive-mode FTP, the client initiates both the 
control and data connection to the server. Obviously this can be good or bad 
depending on server and firewall configurations. Research FTP modes for more detail. 


You should have notes similar to the following to compare TFTP and FTP communications: 


• The client uses an ephemeral port to initiate communications to TFTP server port 69 and 
the server picks an ephemeral port to respond to the client. FTP uses port 21 for control 
and a separate port 20 for file transfer, and the server port doesn't need to change for 
multiple clients because of the TCP session. 

• No login, username, or password is used for TFTP. FTP requires login and can allow 
anonymous login with the e-mail address for the password. 

• TFTP transfers a minimum of 512 bytes of data per datagram, and the application ACKs 
each one individually because UDP has no reliability mechanism; FTP, on the other hand, 
uses a TCP session for each file transfer. 

• TFTP and FTP use clear-text data transmission. FTP secure implementations are available. 


In addition, TFTP and FTP are very helpful in the Cisco environment to copy not only 
configurations but also Cisco Operating System images. Many times I set up my router as a TFTP 
server so that I can copy the IOS to another location. Appendix B provides more detail on such 
topics. 


As you can see, it is helpful to understand the basics of how applications work to more easily 
troubleshoot them. Next take a look at the Simple Mail Transfer Protocol (SMTP) and Post Office 
Protocol (POP3) in Figure 3-21. 


Figure 3-21. SMTP and POP3


SMTP is like the mail truck delivering from post office to post office. If you work for Cisco Press
and you want to set up your mail client to send your mail, for example, you may set up
smtp.ciscopress.com, which by default operates on TCP port 25.


POP3 is more of a server-to-client mail delivery protocol that operates by default on TCP port
110. Therefore if you work for Cisco Press and want to set up your mail client, you may set up
pop3.ciscopress.com to receive your mail.


Assume user@ciscopress.com wants to send an e-mail to donna@shoretraining.com. That user
clicks Send and SMTP is used to transfer the e-mail from the user to his mail server using SMTP
TCP port 25. The mail server delivers the mail to the shoretraining.com domain over port 25.
When I check my mail on shoretraining, my e-mail program establishes a connection to my mail
server over POP3 port 110.


Knowing the overall SMTP/POP3 delivery process may assist you with troubleshooting your
e-mail one day. For example, I have been in situations where I could send e-mail but not receive,
which turned out to be a POP3 issue. Perhaps a particular port or address was blocked by an
access list. I have also been in situations where the opposite occurs. For example, many times
you may have the luxury of using a higher-speed network connection but your ISP may not allow
you to "relay" through another system. However, troubleshooting e-mail issues happens to be
another book in itself (as are most applications).


NOTE 


Like telnet, SMTP and POP3 are clear-text protocols for all e-mail and password
information. You can add security with better alternatives. Secure POP (SPOP, port
995) uses Secure Sockets Layer (SSL). SMTP (still port 25) can use SSL as well.
Internet Message Access Protocol (IMAP, port 143) is inherently more secure than
POP3 is. Previously in this chapter, I compared SSH (port 22) to telnet (port 23).


DNS is another application that is quite helpful to understand in the support world. I would
much rather type www.cisco.com than its IP address every time I want to look up something on
Cisco.com. DNS maps an IP address to a hostname so that humans can relate to it a little better.
Hostname resolution once was a flat hosts file, but who would have enough memory to open
such a thing today? Hosts files are still available for use, however. You have them on each of
your routers now. Type show hosts with me on r1 as in Example 3-33.


Example 3-33. Cisco Hosts File 


r1>show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Host      Flags       Age  Type  Address(es)
r1        (perm, OK)  23   IP    192.168.1.1  192.168.2.1
                                 192.168.4.1  10.1.1.1
r2        (perm, OK)  23   IP    192.168.4.2  192.168.5.1
                                 192.168.6.1
r3        (perm, OK)  23   IP    192.168.2.2  192.168.5.2
                                 192.168.6.2  192.168.3.1
                                 10.2.2.1
r4        (perm, OK)  23   IP    10.2.2.2
r5        (perm, OK)  23   IP    10.1.1.2


Hosts files on PCs are typically found in locations such as \Windows, \Etc,
\Winnt\System32\Drivers\Etc and are named hosts. Reference Figure 3-22 for a sample
Windows 2000 hosts file.


Figure 3-22. Windows 2000 Hosts File 


[Figure: the sample HOSTS file used by Microsoft TCP/IP for Windows. Its comment lines explain
that each entry sits on its own line, with the IP address first and the host name after it,
separated by at least one space; the example entries end with the localhost entry.]


The other files listed in Figure 3-22 can be quite helpful, too. Lmhosts is for NetBIOS name
resolution. The other files contain common network, protocol, and port numbers. At the upper
layers, I often ask myself whether a hostname or a NetBIOS issue exists. Figure 3-23 provides
some examples, as does Table 3-1 earlier in this chapter.


Figure 3-23. Name and Address Resolution 


[Figure: two columns of applications. NetBIOS names: Start > Run \\hostb, Network Neighborhood,
Windows Explorer, net commands, browser services. Sockets hostnames: hostname, ping, telnet.

Name resolution: hostb -> 192.168.1.12 (IP), using DNS (hosts files) or WINS (lmhosts files).
Address resolution: 192.168.1.12 (IP) -> 00-80-C7-AA-C8-87 (MAC), using ARP.]


DNS is hierarchical in nature; therefore, fully qualified domain names (FQDN) must be unique.
Upper-level domain names include com, edu, net, and gov. Second-level
domain names must be registered. For example, ciscopress.com and shoretraining.com are both
part of the top-level com domain. Cisco Press has authority over what they do under
ciscopress.com, and I have control over what I do under shoretraining.com. Obviously, these
second-level domains must be registered through Internet service providers (ISPs) or companies
such as VeriSign.


NOTE 


Some implementations of DNS do not allow hostnames with underscores (_). 


The name space contains domains, subdomains, and hosts. The servers contain zones, which are 
database files with various record types. Common record types include alias (canonical name) or 
mail (MX) records. 


Why do you care? Name resolution is certainly something to check for in the upper layers. If you
can ping the IP address but not the hostname, for example, chances are you have a hostname
resolution issue. If you can issue a Start > Run \\192.168.1.12 but not a Start > Run
\\hostb, the problem is probably NetBIOS name resolution. These could in turn be DNS or
WINS issues, depending on the applications and settings in your environment.


If you were capturing DNS information with Sniffer, you would see that queries typically are 
done over UDP port 53, whereas zone transfers are completed over TCP port 53. Next take a 
look at SNMP, which is everything but simple. 


SNMP was originally for remote management of network hardware devices, but today is used for 
lots more. A management console sends a request to an agent (managed device) over UDP port 
161, and the agent generates a trap on port 162 to a specific address. An agent really can't 
initiate anything on its own, but it can notify the manager of events, such as a link up or down or 
a software mail problem. The requests are part of a database referred to as a Management 
Information Base (MIB) in the SNMP world. Communities are groups that talk to one another to 
assist with security, and public is the default community. CiscoWorks, Cisco Info Center (CIC),
and HP OpenView are examples of network management platforms that support SNMP-based
management.


Next I review the RIP application. RIP is the routing protocol you set up earlier in the chapter so
that one end system could get to another end system. RIP is an application that operates over
UDP port 520. RIPv2 still operates over UDP port 520, but it uses 224.0.0.9 as a destination IP
multicast address. Although each of the prefix entries includes a mask, RIPv2 is more
considerate of the hosts, which are not interested in its messages, because their NICs will filter
the frames at Layer 2. Figure 3-24 enables you to analyze the RIP header. Does my capture
display RIPv1 or RIPv2?


Figure 3-24. RIP


You are correct if you said Figure 3-24 displays RIPv2 because the destination is the multicast
224.0.0.9 address rather than a local broadcast.
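The Python sketch below is an added example, not taken from the book or from the Sniffer capture in Figure 3-24. It decodes the 4-byte RIP header and the 20-byte route entries, then applies the same test used above (version field plus destination address) to tell RIPv1 from RIPv2. The payloads are constructed with the helper build_rip rather than captured, and the function names are hypothetical.

```python
import ipaddress
import struct

RIPV2_GROUP = "224.0.0.9"   # RIPv2 multicast destination named in the text
COMMANDS = {1: "request", 2: "response"}


def build_rip(version, routes, command=2):
    """Pack a RIP message from (network, metric) pairs; used to build the samples."""
    out = struct.pack("!BBH", command, version, 0)
    for cidr, metric in routes:
        net = ipaddress.IPv4Network(cidr)
        # RIPv1 leaves the mask field zero; RIPv2 fills it in.
        mask = int(net.netmask) if version == 2 else 0
        out += struct.pack("!HHIIII", 2, 0, int(net.network_address), mask, 0, metric)
    return out


def classful_prefix(addr):
    """Prefix length implied by the address class (A, B, or C) when no mask is sent."""
    first_octet = addr >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24


def parse_rip(payload):
    """Decode the RIP header and every route entry in a UDP port 520 payload."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version, _ = struct.unpack("!BBH", payload[:4])
    routes = []
    for off in range(4, len(payload), 20):
        _afi, _tag, addr, mask, _next_hop, metric = struct.unpack(
            "!HHIIII", payload[off:off + 20])
        if version == 2:
            inverted = ~mask & 0xFFFFFFFF
            if inverted & (inverted + 1):
                raise ValueError("non-contiguous subnet mask in RIPv2 entry")
            prefix, source = bin(mask).count("1"), "mask field"
        else:
            prefix, source = classful_prefix(addr), "classful guess"
        net = ipaddress.IPv4Network((addr, prefix), strict=False)
        routes.append({"network": str(net), "metric": metric, "mask_from": source})
    return {"command": COMMANDS.get(command, "unknown"),
            "version": version, "routes": routes}


def classify(dst_ip, message):
    """Name the RIP flavor from the version field and the destination address."""
    version = message["version"]
    multicast = dst_ip == RIPV2_GROUP
    if version == 2:
        return "RIPv2" if multicast else "RIPv2 sent without multicast"
    if version == 1 and not multicast:
        return "RIPv1"
    return "unexpected: version %d to %s" % (version, dst_ip)


# Constructed samples: the same two prefixes advertised by each version.
ADVERTISED = [("192.168.5.0/24", 1), ("10.2.2.0/24", 1)]
V2_PAYLOAD = build_rip(2, ADVERTISED)
V1_PAYLOAD = build_rip(1, ADVERTISED)

if __name__ == "__main__":
    for dst, payload in (("224.0.0.9", V2_PAYLOAD), ("255.255.255.255", V1_PAYLOAD)):
        message = parse_rip(payload)
        print(classify(dst, message), message["routes"])
```

The RIPv1 decode of 10.2.2.0 comes back as 10.0.0.0/8 because no mask travels with the entry, which is the behavior behind the discontiguous subnet exercises earlier in the chapter.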


Now look at another application that is common in a day-to-day environment: Hypertext
Transport Protocol (HTTP) uses TCP port 80 to provide web services. It also uses clear-text data
transmission. Obviously this is a very big issue with purchasing items over the Internet.
E-commerce applications make use of more secure protocols such as HTTPS over TCP port 443. If
you compare a Sniffer trace of HTTP and HTTPS traffic, the HTTPS data is encrypted. Figure 3-25
shows you what people can sniff when you use HTTP to access a switch. I had to turn port
monitoring on for this to work. Those details are covered in more depth in the switch chapters,
Chapter 6, "Shooting Trouble with CatOS and IOS," and Chapter 7, "Shooting Trouble with
VLANs on Routers and Switches." For now, analyze the layered approach to HTTP as you have
done with the other applications.


Figure 3-25. HTTP to a 1900 Switch


NOTE


HTTP 1.0 opens a new TCP connection for each item, but HTTP 1.1 does not, as you can 
verify at www.w3.org/Protocols/Activity.html. In addition, this Sniffer decode offers a 
good opportunity to point out the default behavior of most TCPs, to acknowledge every 
other packet. 


Now that I have touched on all the layers of the TCP/IP suite to lead into the addressing section,
I will discuss DHCP. First there was RARP, then BOOTP, and now DHCP. The basic concept is the
same. Take RARP, for example. It is used to resolve MAC addresses to IP addresses. It is the
opposite of ARP, with which I know you have become pretty comfortable by now. The Bootstrap
Protocol (BOOTP) was developed to allow diskless workstations to obtain IP information upon
bootup. BOOTP spawned DHCP, which is widely used today.


DHCP is not fully automatic because someone must configure the server with a range of IP 
addresses (scope) and other optional parameters such as the mask, gateway, DNS server, WINS 
server, and so on. Clients request DHCP parameters via Layer 2 and Layer 3 broadcasts to UDP 
port 67. The server sends messages to the client on UDP port 68. However, it would defeat the 
purpose of a router if it were allowed to forward all broadcasts. On the other hand, it is possible 
for you to open up certain ports for routers to forward via the ip helper-address [ipaddress]
command. Request forwarding is also possible via DHCP proxy agents. Figure 3-26 provides
examples of the ip helper command. Helpers in effect change the local broadcast destination to
a unicast or directed broadcast to reach the DHCP server. Table 3-8 shows DHCP frames that you
should capture sometime with a protocol analyzer.


To forward fewer than the eight default ports that IP helper opens up, you can use the
ip forward-protocol udp port command for the ports you want to forward followed
by the no ip forward-protocol udp port for the ports you do not want to forward.


Table 3-8. DHCP Frames

DHCP Frame   Description
Discover     Client is looking for DHCP server (broadcast).
Offers       DHCP servers respond (broadcast).
Request      Client asks for first server that offered (broadcast).
Ack          DHCP server sends.
ARP          Client sends an ARP to check for duplicate addresses.


Addressing 


Whether you use DHCP or static IP addressing, understanding addressing is a very important
skill. As a CCNP Support candidate, you are assumed to have basic skills such as addressing,
subnetting, summarizing, and routing. In this section I take the time to review because too
many problems occur because of lack of planning with IP addressing. Proper planning prevents
poor performance in all circumstances. Besides, you will need these skills in the Trouble Tickets,
but more importantly in the real world.


Chapter 1 covered the basics of IP addressing, discussing the 4.2 billion (2^32), 32-bit,
dotted-decimal format. Table 3-9 reviews classes and masks.


Table 3-9. IP Address Classes and Masks

High-Order Bits   Class and Range   Decimal Mask    Bitwise Mask
0                 A 1-127[*]        255.0.0.0       /8
10                B 128-191         255.255.0.0     /16
110               C 192-223         255.255.255.0   /24

[*] Loopback


Public addresses are registered through your ISP or at www.arin.net. ARIN is one of the three
regional Internet registries (and is the authority in the United States). RIPE NCC is the authority
for Europe, the Middle East, North Africa, and parts of Asia. APNIC is the Asia Pacific Network
Information Centre (and is the authority for parts of Asia not under the authority of RIPE NCC). I
registered my domain name information with VeriSign and my local ISP hosts the
ShoreTraining.com website for me. Take a few minutes and go out to ARIN's website, use their
whois tool to do a lookup of any public address you like. An example of a public address is
216.239.51.100, which happens to be one of my favorite search engines. This address falls
within the network block of 216.239.32.0 to 216.239.63.255. However, I do not like to pick on
public sites, so I will stay with private addresses for the practical studies. Private addresses
should not be routed on the Internet, and they fall within the following ranges:


• 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
• 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
• 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)


Notice that no matter whether you are using a public or private address, you still need a subnet
mask to divide the network and host portion. I am certain you have heard many analogies on
this by now, but the most common is probably the street being the network and your house
number being a host on the network. Alternatively, look at the address and use your "network
tape measure" to measure off the network bits from left to right, or just think of a painter
masking off what he does not want to paint.


Look back at Figure 3-1 to review your streets (networks) and houses (hosts). Quickly make a
list or table of your networks and hosts as in Table 3-10, because you will soon be changing your
IP addressing scheme. Notice how I also included the router interfaces, because they need an
address to operate with IP (unless, of course, you are using something like IP unnumbered).


Table 3-10. Current IP Addressing

Network          Address           Interface
192.168.1.0/24   192.168.1.1/24    r1e0
                 192.168.1.11/24   hosta
                 192.168.1.12/24   hostb
192.168.2.0/24   192.168.2.1/24    r1s1
                 192.168.2.2/24    r3s0/0
192.168.3.0/24   192.168.3.1/24    r3fa2/0
                 192.168.3.5/24    hostc
192.168.4.0/24   192.168.4.1/24    r1e1
                 192.168.4.2/24    r2e0
192.168.5.0/24   192.168.5.1/24    r2s1
                 192.168.5.2/24    r3s0/2
192.168.6.0/24   192.168.6.1/24    r2s0
                 192.168.6.2/24    r3s0/1
10.1.1.0/24      10.1.1.1/24       r1s0
                 10.1.1.2/24       r5s0
10.2.2.0/24      10.2.2.1/24       r3s0/3
                 10.2.2.2/24       r4s0/0


What a waste of address space, you should be thinking to yourself right about now, and if you
were using public addresses, that would be more of a waste. Although the problem may not be
apparent with a list of networks and hosts, many problems show up later. Keep your table
handy; you will continue to examine this. First, however, I want to review subnetting in a little
more detail.


Subnetting 


From my back yard I can see the Chesapeake Bay Bridge and the eastbound and westbound
cars. From Memorial Day to Labor Day is prime beach time. Every Friday night people head for
the beach and return home on Sunday. Cars are almost at a standstill on the bridge at those
times. Needless to say, this is one huge collision and broadcast domain. Sometimes the Mass
Transit Authority (MTA) subnets, and I bet they don't even know it. They temporarily borrow
less-congested lanes from the westbound side to send more people down the eastbound side.
They also implemented EZPass to let the commuters have their own lanes (like queuing). That is
all subnetting is. Now not as many cars (hosts) can travel the westbound side, because MTA
borrowed them to make more lanes (subnets) for eastbound traffic. Subnetting is all about
borrowing from the host bits to get more networks. Routers handle multiple subnets by
partitioning collision and broadcast domains to avoid congestion.

Feel free to review the subnetting examples from Chapter 1, but you may as well put this to 
practice in your lab. Look at your routing tables to see how they display the networks you are 
using. Refer to Example 3-34 for mine. 


Example 3-34. Chapter 3 Networks 


r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.4.0/24 is directly connected, Ethernet1
R    192.168.5.0/24 [120/1] via 192.168.4.2, 00:00:23, Ethernet1
                    [120/1] via 192.168.2.2, 00:00:18, Serial1
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R       10.0.0.0/8 [120/2] via 192.168.4.2, 00:00:24, Ethernet1
R       10.2.2.0/24 [120/1] via 192.168.2.2, 00:00:18, Serial1
C       10.1.1.0/24 is directly connected, Serial0
R    192.168.6.0/24 [120/1] via 192.168.4.2, 00:00:24, Ethernet1
                    [120/1] via 192.168.2.2, 00:00:18, Serial1
C    192.168.1.0/24 is directly connected, Ethernet0
C    192.168.2.0/24 is directly connected, Serial1
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:18, Serial1

r2>show ip route
C    192.168.4.0/24 is directly connected, Ethernet0
C    192.168.5.0/24 is directly connected, Serial1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.1.0 [120/1] via 192.168.4.1, 00:00:08, Ethernet0
R       10.2.2.0 [120/1] via 192.168.6.2, 00:00:23, Serial0
                 [120/1] via 192.168.5.2, 00:00:23, Serial1
C    192.168.6.0/24 is directly connected, Serial0
R    192.168.1.0/24 [120/1] via 192.168.4.1, 00:00:08, Ethernet0
R    192.168.2.0/24 [120/1] via 192.168.4.1, 00:00:08, Ethernet0
                    [120/1] via 192.168.6.2, 00:00:23, Serial0
                    [120/1] via 192.168.5.2, 00:00:23, Serial1
R    192.168.3.0/24 [120/1] via 192.168.6.2, 00:00:23, Serial0
                    [120/1] via 192.168.5.2, 00:00:23, Serial1

r3>show ip route
R    192.168.4.0/24 [120/1] via 192.168.2.1, 00:00:17, Serial0/0
                    [120/1] via 192.168.6.1, 00:00:11, Serial0/1
                    [120/1] via 192.168.5.1, 00:00:11, Serial0/2
C    192.168.5.0/24 is directly connected, Serial0/2
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R       10.1.1.0/24 [120/1] via 192.168.2.1, 00:00:17, Serial0/0
R       10.0.0.0/8 [120/2] via 192.168.6.1, 00:00:11, Serial0/1
                   [120/2] via 192.168.5.1, 00:00:11, Serial0/2
C       10.2.2.0/24 is directly connected, Serial0/3
C    192.168.6.0/24 is directly connected, Serial0/1
R    192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:18, Serial0/0
C    192.168.2.0/24 is directly connected, Serial0/0
C    192.168.3.0/24 is directly connected, FastEthernet2/0

r4>show ip route
R    192.168.4.0/24 [120/2] via 10.2.2.1, 00:00:13, Serial0/0
R    192.168.5.0/24 [120/1] via 10.2.2.1, 00:00:14, Serial0/0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R       10.1.1.0/24 [120/2] via 10.2.2.1, 00:00:14, Serial0/0
R       10.0.0.0/8 [120/3] via 10.2.2.1, 00:00:14, Serial0/0
C       10.2.2.0/24 is directly connected, Serial0/0
R    192.168.6.0/24 [120/1] via 10.2.2.1, 00:00:14, Serial0/0
R    192.168.1.0/24 [120/2] via 10.2.2.1, 00:00:14, Serial0/0
R    192.168.2.0/24 [120/1] via 10.2.2.1, 00:00:14, Serial0/0
R    192.168.3.0/24 [120/1] via 10.2.2.1, 00:00:14, Serial0/0

r5>show ip route
R    192.168.4.0/24 [120/1] via 10.1.1.1, 00:00:05, Serial0
R    192.168.5.0/24 [120/2] via 10.1.1.1, 00:00:06, Serial0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R       10.2.2.0/24 [120/2] via 10.1.1.1, 00:00:06, Serial0
R       10.0.0.0/8 [120/3] via 10.1.1.1, 00:00:06, Serial0
C       10.1.1.0/24 is directly connected, Serial0
R    192.168.6.0/24 [120/2] via 10.1.1.1, 00:00:06, Serial0
R    192.168.1.0/24 [120/1] via 10.1.1.1, 00:00:06, Serial0
R    192.168.2.0/24 [120/1] via 10.1.1.1, 00:00:06, Serial0
R    192.168.3.0/24 [120/2] via 10.1.1.1, 00:00:06, Serial0
r5>


You can apply the shaded output in the preceding example to the other routers, but on r1 I am
illustrating that there are multiple paths to subnet 192.168.5.0 and 192.168.6.0. Note how the
routing table output shows 10.0.0.0/8, which is the classful mask, with the subnets 10.1.1.0/24
and 10.2.2.0/24 beneath it.


To prepare for the chapter Trouble Tickets, I want you to plan your new addressing scheme
using 192.168.5.0/24 as a starting point. You know how many networks and hosts you have, but
plan on adding a few more for growth. Do not assume that you can use subnet 0 (the first
subnet), the last subnet, or VLSM for now. Write out your calculations as I do in Figure 3-27, but
save the actual configuration for the chapter Trouble Tickets. Feel free to expand the binary to
truly help you master the subnetting concepts.


Figure 3-27. Subnetting 


192.168.5.0/24
2^x - 2 = 8 Subnets
x = 4 (So Borrow 4 Bits)
240 Mask

Subnets   Broadcast   Hosts
0         15          1-14
16        31          17-30
32        47          33-46
48        63          49-62
64        79          65-78
80        95          81-94
96        111         97-110
112       127         113-126
128       143         129-142
144       159         145-158
160       175         161-174
176       191         177-192
192       207         193-206
208       223         209-222
224       239         225-238


NOTE 


For more practice, go to www.learntosubnet.com or return to Chapter 1. When you
have mastered these concepts, you can check your work against the subnet calculator
at Cisco.com.


You certainly should plan your addresses carefully, and this is more than just compiling an Excel
spreadsheet and checking off what you have handed out to everyone. However, what could you
do if I told you that I want to take one of the subnets and subdivide it to maximize the number
of subnets I can possibly get from it? I tend to reserve subnet 0 for this purpose, so take
192.168.5.0/28 and further subnet it according to the information provided. Figure 3-28 shows
my VLSM calculations.


Figure 3-28. VLSM


NOTE


Subnetting and VLSM are all about moving the network mask bit boundary to the right.
For every host bit borrowed, the available subnets double and similarly the hosts
exponentially decrease, too. When I make a cake for dessert and plan on 8 people
eating, for example, I would probably cut it into 10 or 12 pieces to make sure I have
enough cake (subnets) for all. If I cut the cake into exactly eight pieces, however, and
each guest brings a friend, I guess I could perform VLSM on the pieces of cake.


I took the VLSM example from a different approach in that I knew I never needed more than two
hosts. So I used the 2^x - 2 formula to calculate hosts and placed the 0s in the chart first. Tables
are helpful to organize such data, as I demonstrate in Table 3-11.


Table 3-11. Subnets, Broadcast Addresses, Hosts, and VLSM Subnets 


Subnets      0      16      32      48      64      80      96       ...   224
Broadcast    15     31      47      63      79      95      111      ...   239
Hosts        1-14   17-33   33-46   49-62   65-78   81-94   97-110   ...   225-238

VLSM subnets (hosts) within subnet 0:   0 (1-2)   4 (5-6)   8 (9-10)   12 (13-14)


Some general suggestions I can recommend for VLSM include the following:
Step 1. Start with your host requirements. 
Step 2. Next calculate for the LAN segments. 
Step 3. Then subnet a LAN to get your WANs. 


Step 4. More than three levels can get a little too confusing. 


NOTE 


Real-world solutions include topics such as proxy servers and Network Address
Translation (NAT), which are covered in a little more detail in the Practical Studies
Remote Access Guide. A proxy server, for example, has one NIC to the outside world
and one to the inside network. Requests made by the inside hosts are made to the proxy
server to relay the requests and responses. NAT doesn't use a proxy service. Instead, a
router running NAT can replace the inside addresses with outside addresses. Finally,
both of these techniques can be combined.


Ultimately, besides being neat about things and saving addresses, you want to plan your 
address scheme so that it is not so stressful on your routing tables. It would be a perfect world if 
everyone really understood the importance of this. After all, there is more to life than just 
sharing your cake; you must eat it too. Figure 3-29 offers a hierarchical view of the subnetting 
and VLSM math you did previously, which will in turn make summarizing a breeze. 


Figure 3-29. Summarization 


192.168.5.0/24
    192.168.5.0/28
        192.168.5.0/30
        192.168.5.4/30
        192.168.5.8/30
        192.168.5.12/30
    192.168.5.16/28
    192.168.5.32/28


Summarization 


Summarization is the real reason you want to pay attention to your addressing scheme. Besides 
only having a finite number of addresses, routing table growth has just exploded over the years. 
There are more than 100,000 Internet routes to date. See for yourself in Figures 3-30 and 3-31 
or go to a similar site for a more current report. Summarizing enables you to have a single IP 
address range represent a collection of smaller ranges when deployed hierarchically. Collapsing 
the routing table is an obvious advantage to summarization, but think about the impact on my 
network if my routing tables are affected every time a link goes down on your network. 


Figure 3-30. Route Server 


[Figure: screenshot of a command-prompt session to a route server, showing part of its IP
routing table followed by the output of sh ip route summary.]


Figure 3-31. Classless Interdomain Routing (CIDR) Report 


[Figure: CIDR Report status summary, with a table history listing prefixes and CIDR-aggregated
prefixes by date, and plots of BGP table size and AS count.]


NOTE 


Summarization increases stability in that if one of your links flaps up and down, my
routing tables are not flapping reachable and unreachable. If I have network
192.168.5.0/24 and you have 192.168.7.0/24, for example, I really don't have the
need to know about your 192.168.7.4/30. All I care about is to get to
192.168.7.anything I send to you.


Summarization limits the number of routers that need to recalculate routing tables. To 
determine a summary route, a router determines the high-order (1) bits that match for all 
addresses. Sometimes this is done on the classful boundary automatically and other times you 
and | may need to include the appropriate summary statement, depending on the routing 
protocol. 


Subnetting, VLSM, summarization, aggregation, supernetting, and CIDR are all about matching
bits. Subnetting and VLSM move the network bit boundary to the right, whereas summarization,
aggregation, supernetting, and CIDR move the network bit boundary to the left. In Figure 3-32,
HQ starts with 192.168.5.0/24 and breaks it down into subnet 192.168.5.32/27 for the Northern
Region, 192.168.5.64/27 for the Western Region, 192.168.5.96/27 for the Southern Region, and
192.168.5.128/27 for the Eastern Region. In turn, each of the regions uses VLSM to subnet their
Ethernets to a /28 and their serials to a /30. Yet each region can summarize the /27 back to HQ
Core.


Figure 3-32. Network Bit Boundaries 


[Figure: HQ Core connected to the Northern, Western, Southern, and Eastern regions, each
labeled with its /27 block from 192.168.5.0/24.]

The practical addressing examples certainly bring out the mathematics involved, but decreasing
the impact on networks attached to the routers and ultimately the hosts connected to various
switches is the goal. I address that topic a bit more in Part III, "Supporting Ethernet, Switches,
and VLANs." Now I want to quickly review routing protocols so that you can shoot their troubles
throughout the book.


Routing Protocols 


Routing protocols have their own unique characteristics, and various Layer 2 encapsulation types
have a big impact on them. Understanding how they work will certainly assist you in
troubleshooting them now and later. Most of the statistics listed for each can be found with IOS
commands such as show ip protocols, show ip route, and show ip routing-protocol ?.
Logging, debug, and protocol analyzers, all with various levels of impact on the working
environment, are certainly valuable tools to see more detail when troubleshooting, too.
However, I want you to reserve them for later chapters. After all, many of these protocols are
not just IP-specific.


First I discuss the following Interior Gateway Protocols (IGPs): RIP, Interior Gateway Routing
Protocol (IGRP)/Enhanced Interior Gateway Routing Protocol (EIGRP), OSPF, and IS-IS. Then I
review Border Gateway Protocol (BGP), which is an Exterior Gateway Protocol (EGP).


RIP 


Routing Information Protocol (RIP) was originally designed for Xerox PARC Universal Protocol
(PUP), and in many ways is still for "pups." It was called GWINFO in the Xerox Network Systems
(XNS) protocol suite in 1981, and defined in RFC 1058 in 1988. It is easy to configure, and it
works very well in small networks. In larger networks, however, it can be less effective; as I say
to myself, "It can RIP you apart." There are alternatives to RIP for larger environments.


Everyone knows RIP because it has been widely adopted by PC, UNIX, and router makers alike. 
RIP has disadvantages in that it operates over UDP port 520 and the maximum hop count is 15. 
RIPv2 assists with the broadcast nature in that it operates via multicast over 224.0.0.9. Both 
RIPv1 and RIPv2 are distance vector routing protocols, which are often referred to as routing by 
rumor protocols. 


Examine the following list of RIP characteristics and refer back to the examples throughout the
chapter, for you have already experimented with RIPv1 and RIPv2. I hope your practical
exercises, with RIPv1 not supporting discontiguous subnets and RIPv2 supporting them, will stay
with you for a long time.


The following are RIP characteristics: 


• Open protocol, widely used, stable.
• Good for small networks in that it is very easy to configure.
• There are RIP-like distance vector routing protocols for Novell and AppleTalk.
• Distance vector routing protocol.
• IGP.
• IP RIP updates are sent every 30 seconds via broadcast (224.0.0.9 for RIPv2).
• UDP port 520.
• Administrative distance is 120.
• Single metric is hop count. (The limit is 15 to assist with count-to-infinity.)
• Timers help regulate performance:

  - Update timer: Frequency of routing updates. Every 30 seconds IP RIP sends a
    complete copy of its routing table, subject to split horizon. (IPX RIP does this every
    60 seconds.)

  - Invalid timer: Absence of refreshed content in a routing update. RIP waits 180
    seconds to mark a route as invalid and immediately puts it into holddown.

  - Hold-down timers and triggered updates: Assist with stability of routes in the
    Cisco environment. Holddowns ensure that regular update messages do not
    inappropriately cause a routing loop. The router doesn't act on nonsuperior new
    information for a certain period of time. RIP's hold-down time is 180 seconds.

  - Flush timer: RIP waits an additional 240 seconds after holddown before it
    actually removes the route from the table.

• Other stability features to assist with routing loops include the following:

  - Split horizon: Not useful to send information about a route back in the direction
    from which it came.

  - Poison reverse: Updates that are sent to invalidate a route and place it in
    holddown.

• Bellman-Ford algorithm.
• RIPv2 supports VLSM and summarization. (RIPv1 doesn't.) RIPv2 always autosummarizes
  at the class boundary.


RIP maintains only the best route in its routing table, as you can verify in examples throughout 
the chapter. In Example 3-2, for example, I configured RIPv1 on r1 and continued to configure 
the other routers. In Example 3-15, while troubleshooting I looked at the routing tables and IP 
routing protocols. Then I configured RIPv2 in Example 3-21. Example 3-22 displays the routing 
tables and output of show ip protocols with RIPv2 configured. Look back at these examples to 
review such things as the update characteristics, timers, and administrative distance associated 
with RIP. 


Example 3-35 illustrates routes in holddown. First I turn on service time stamps and set the 
clock so that you can see the actual timing of events. Then I turn on debug ip rip events, 
remove the cable from router 2 Serial 1, plug it back in, watch the routing updates, and view the 
appropriate routing tables. 


NOTE 


As always, in a practical environment be very careful with running debug commands 
due to their excessive memory requirements and stressful nature on the devices. 
Notice my in-line comments where I unplugged and plugged the cable back in. 


Example 3-35. Debug Output for RIPv2 Packets 


r1(config)#service timestamps debug datetime localtime 
r1(config)#end 
r1#clock set 3:22:00 11 October 2002 
r1#copy running-config startup-config 
Destination filename [startup-config]? 
Building configuration... 
[OK] 
r1#debug ip rip events 
RIP event debugging is on 
Oct 11 03:22:52: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.1.1) 
Oct 11 03:22:52: RIP: Update contains 8 routes 
Oct 11 03:22:52: RIP: Update queued 
Oct 11 03:22:52: RIP: sending v2 update to 224.0.0.9 via Ethernet1 (192.168.4.1) 
Oct 11 03:22:52: RIP: Update sent via Ethernet0 
Oct 11 03:22:52: RIP: Update contains 5 routes 
Oct 11 03:22:52: RIP: Update queued 
Oct 11 03:22:52: RIP: sending v2 update to 224.0.0.9 via Serial0 (10.1.1.1) 
Oct 11 03:22:52: RIP: Update sent via Ethernet1 
Oct 11 03:22:52: RIP: Update contains 8 routes 
Oct 11 03:22:52: RIP: Update queued 
Oct 11 03:22:52: RIP: sending v2 update to 224.0.0.9 via Serial1 (192.168.2.1) 
Oct 11 03:22:52: RIP: Update sent via Serial0 
Oct 11 03:22:52: RIP: Update contains 4 routes 
Oct 11 03:22:52: RIP: Update queued 
Oct 11 03:22:52: RIP: Update sent via Serial1 
Oct 11 03:22:59: RIP: received v2 update from 192.168.2.2 on Serial1 
Oct 11 03:22:59: RIP: Update contains 5 routes 
Oct 11 03:23:02: RIP: received v2 update from 192.168.4.2 on Ethernet1 
Oct 11 03:23:02: RIP: Update contains 4 routes 
r1#!!!now I will unplug the r2s1 cable 
r1# 
Oct 11 03:23:14: RIP: received v2 update from 192.168.2.2 on Serial1 
Oct 11 03:23:14: RIP: Update contains 5 routes 
Oct 11 03:23:14: RIP: received v2 update from 192.168.4.2 on Ethernet1 
Oct 11 03:23:14: RIP: Update contains 4 routes 
Oct 11 03:23:14: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.1.1) 
Oct 11 03:23:14: RIP: Update contains 8 routes 
Oct 11 03:23:14: RIP: Update queued 
r1#show ip route 
C    192.168.4.0/24 is directly connected, Ethernet1 
R    192.168.5.0/24 is possibly down, routing via 192.168.4.2, Ethernet1 
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks 
R       10.2.2.0/24 [120/1] via 192.168.2.2, 00:00:10, Serial1 
R       10.0.0.0/8 [120/2] via 192.168.4.2, 00:00:07, Ethernet1 
C       10.1.1.0/24 is directly connected, Serial0 
R    192.168.6.0/24 [120/1] via 192.168.4.2, 00:00:07, Ethernet1 
                    [120/1] via 192.168.2.2, 00:00:11, Serial1 
C    192.168.1.0/24 is directly connected, Ethernet0 
C    192.168.2.0/24 is directly connected, Serial1 
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:11, Serial1 

Plug the cable back in, continue to review the results, and turn off all debug activity, as in 
Example 3-36. 


Example 3-36. Plug the Cable Back In and Observe the Results 


r1#!!!now I will plug the cable back in 
r1#show ip route 
C    192.168.4.0/24 is directly connected, Ethernet1 
R    192.168.5.0/24 is possibly down, routing via 192.168.4.2, Ethernet1 
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks 
R       10.2.2.0/24 [120/1] via 192.168.2.2, 00:00:13, Serial1 
Oct 11 03:26:16: RIP: received v2 update from 192.168.4.2 on Ethernet1 
Oct 11 03:26:16: RIP: Update contains 4 routes 
Oct 11 03:26:16: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.1.1) 
Oct 11 03:26:16: RIP: Update contains 8 routes 
Oct 11 03:26:16: RIP: Update queued 
Oct 11 03:26:16: RIP: sending v2 update to 224.0.0.9 via Ethernet1 (192.168.4.1) 
Oct 11 03:26:16: RIP: Update sent via Ethernet0 
Oct 11 03:26:16: RIP: Update contains 5 routes 
Oct 11 03:26:16: RIP: Update queued 
r1#show ip route 
C    192.168.4.0/24 is directly connected, Ethernet1 
R    192.168.5.0/24 [120/1] via 192.168.4.2, 00:00:04, Ethernet1 
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks 
R       10.2.2.0/24 [120/1] via 192.168.2.2, 00:00:07, Serial1 
R       10.0.0.0/8 [120/2] via 192.168.4.2, 00:00:04, Ethernet1 
C       10.1.1.0/24 is directly connected, Serial0 
R    192.168.6.0/24 [120/1] via 192.168.4.2, 00:00:04, Ethernet1 
                    [120/1] via 192.168.2.2, 00:00:07, Serial1 
C    192.168.1.0/24 is directly connected, Ethernet0 
C    192.168.2.0/24 is directly connected, Serial1 
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:07, Serial1 
r1#undebug all 


Fix any issues before you continue. If you cannot see the debug output when you telnet in, you 
may need to turn on terminal monitor (term mon). In this example, I did not show the output 
of the interface status on r2, but that is pretty important in troubleshooting such issues. Repeat 
the example as necessary or log it for future reference. 


See Figure 3-24 or look at one of your Sniffer traces to analyze the RIP packet format. Up to 25 
destinations can be listed in a single packet. Next I discuss the Cisco proprietary routing 
protocols IGRP and EIGRP. 


IGRP/EIGRP 


Interior Gateway Routing Protocol (IGRP) was developed in the mid-1980s as a Cisco proprietary 
protocol to help overcome some of the limitations of RIP, such as the single metric of hop count. It 
has stability features similar to RIP—hold-down timers, split horizon, poison reverse, and 
triggered updates. The timers are as follows: invalid 270 seconds, holddown 280 seconds, and 
flush 630 seconds. It also contains mechanisms to influence route selection and unequal load 
sharing. I use the phrase BigDogsReallyLikeMeat to remember the metrics for IGRP and 
EIGRP: 


• Bandwidth 
• Delay 
• Reliability 
• Load 
• MTU 


IGRP is an IGP, a distance vector routing protocol based on the Bellman-Ford algorithm that 
broadcasts routing updates every 90 seconds over IP protocol number 9. It is fine for small and 
medium-size networks, but Cisco enhanced it greatly and added VLSM support to its 
replacement, EIGRP. 


Cisco developed Enhanced IGRP (EIGRP) in the early 1990s to overcome limitations of RIP and 
its own IGRP. Cisco says IGRP is going to be removed from IOS. EIGRP is suitable for large 
networks today and supports multiple routed protocols. It consumes significantly less bandwidth 
because of its partial, bounded updates, and can be one of the fastest converging routing 
protocols there is. 


The following are EIGRP characteristics: 


• Cisco proprietary protocol. 
• Good for small to large networks. 
• Very easy to configure. Uses autonomous system (AS) number. 
• Supports multiple Layer 3 routed protocol stacks, such as IP, Novell IPX, and AppleTalk. 
• Advanced distance vector routing protocol. Often called a hybrid due to its incremental 
  updates and rapid convergence capabilities. 
• IGP. 
• Multicast triggered updates over 224.0.0.10, not periodic. 
• IP protocol number 88. 
• Internal administrative distance is 90; external is 170. 
• Metrics are bandwidth, delay, reliability, load, and MTU. 
• Supports equal- and unequal-cost load sharing. 
• Other stability features to assist with routing loops: 

  - Split horizon— Not useful to send information about a route back in the direction 
    from which it came 

  - Poison reverse— Updates that are sent to remove a route and place it in holddown 

• Uses Diffusing Update algorithm (DUAL) to select loop-free paths and give it very fast 
  convergence. 
• Supports VLSM and manual summarization (classless). 
• Automatic classful boundary summarization. 
• Manual summarization on update sent out each interface. 
• Automatic redistribution with IGRP if same AS number. 
• Route tagging for policy-based routing. 


EIGRP gets its reliability from the Reliable Transport Protocol (RTP). It maintains not only a 
routing table, but also a neighbor and topology table. EIGRP maintains alternate routes referred 
to as successors (routing table) and feasible successors (topology table) to quickly converge. The 
following packet types are used for neighbor communications: hellos (multicast) and acks 
(unicast), update (multicast or unicast), query (multicast), reply (unicast), and request 
(multicast or unicast). Packets are held in a queue for retransmission, and there are separate 
neighbor tables (and entirely separate processes) for each protocol. 


Cisco has some wonderful white papers on EIGRP that you should download and review to assist 
you with troubleshooting. Other popular references include the book EIGRP Network Design 
Solutions (Cisco Press). Just remember when troubleshooting EIGRP, active ain't good, but 
passive is. Active means that you are actively looking for something that you don't have. Pay 
particular attention to summarization when you are experiencing stuck-in-active situations. 
Besides the basic IOS commands in your repertoire, you should add show ip eigrp ? and 
debug ip eigrp ? for your EIGRP IP troubleshooting assistance. Next I very briefly review OSPF, 
IS-IS, and BGP. You will continue to configure, analyze, and troubleshoot the convergence of 
these protocols over various Layer 2 technologies throughout the rest of this book. 


OSPF 


Open Shortest Path First (OSPF) overcomes the disadvantages of RIP and is not proprietary in 
nature, but its openness supports only the IP routed protocol. The protocol is a link-state IGP 
based on the Dijkstra algorithm developed by the Internet Engineering Task Force (IETF) to 
support large heterogeneous networks. Lots of research was completed from 1987 until the 
current OSPFv2 specification in 1991. Link-state advertisements are sent to all, which causes an 
initial flood on the router; after that, however, OSPF is very efficient in operation. It uses three 
different databases (tables) for the neighbors, link states, and routes. 


The following are OSPF characteristics: 


• Open protocol. 
• Good for small to large networks. 
• Not as easy to design and configure as other protocols. 
• Supports only the IP Layer 3 routed protocol stack. 
• Link-state routing protocol (doesn't just send to neighbors like distance vector). 
• IGP. 
• Multicast link-state advertisement (LSA) updates over 224.0.0.5 and 224.0.0.6. 
• IP protocol number 89. 
• Administrative distance is 110. 
• Metric is a cumulative cost (inversely proportional to bandwidth). 
• Supports only equal-cost load sharing, but some implementations can take advantage of 
  type of service (TOS) requests. 
• Requires a routing hierarchy in that every area must touch the backbone area (otherwise 
  temporary fixes such as virtual links are used). Various router types, LSA types, area types, 
  and states, depending on your design and Layer 2 topology. 
• Uses Dijkstra algorithm to select loop-free paths and give it fast convergence. This uses 
  LSAs and is based on the Shortest Path First (SPF) algorithm, where the protocol got its 
  name. 
• Supports VLSM and summarization (classless). 
• Supports manual summarization only; this is not automatic like EIGRP. Must be performed 
  on an ABR (area range) or ASBR (Summary address) only. 
• Route tagging for policy-based routing. 


Besides the basic IOS commands in your repertoire, you should add show ip ospf ? and debug 
ip ospf ? for your OSPF troubleshooting assistance. 


OSPF references include the books OSPF Network Design Solutions (Cisco Press) and OSPF: 
Anatomy of an Internet Routing Protocol (Addison-Wesley). John Moy is the author of the latter, 
and if you truly want the RFC detail, this is the book to read. Next take a look at IS-IS. 


IS-IS 


The ISO was working on Intermediate System-to-Intermediate System (IS-IS) about the same 
time the IAB was working on OSPF. The late 1980s and early 1990s, a time in our history when 
everyone thought the OSI suite would overtake TCP/IP, was when Integrated IS-IS was 
proposed. Although originally designed for OSI routing, IS-IS was developed by ISO to support 
CLNS/CLNP. Integrated IS-IS, which supports IP, was a later development. The purpose was to 
provide a single routing protocol that could route Connectionless Network Protocol (CLNS) and 
IP. IS-IS is in use by ISPs today. OSPF and IS-IS have many common features. 


The following are IS-IS characteristics: 


• Open protocol. 
• Good for medium to very large networks. 
• ISO link-state routing protocol similar to OSPF. 
• IGP. 
• IS-IS Layer 2 PDUs rather than IP packets. 
• Uses Layer 2 multicast. 
• Administrative distance is 115. 
• Very limited metric dynamic range (0-63). 
• Equal-cost load sharing. 
• Two-level hierarchical topology. 
• Uses Dijkstra/SPF algorithm. 
• Supports VLSM and summarization. 
• Manual summarization. 
• Route tagging for policy-based routing. 


Besides the basic IOS commands in your repertoire, you should add show is-is ?, show clns ?, 
and debug is-is ? for your IS-IS troubleshooting assistance. 


Jeff Doyle's Routing TCP/IP, Volume I does a good job of explaining many topics, including 
IS-IS. Volume II is great for BGP, as is Sam Halabi's Internet Routing Architectures. 


BGP 


Border Gateway Protocol (BGP) is an EGP that pretty much replaces the legacy EGP protocol 
itself. BGP performs routing between autonomous systems and is the standard routing protocol 
on the Internet. This is referred to as External BGP (EBGP), whereas when BGP is used to route 
within an AS it is referred to as Interior (IBGP). BGP is not a routing protocol for the 
fainthearted. It requires all manual configurations for a very good reason; you are not only 
affecting you, but you are also affecting me. For troubleshooting BGP, if routes are not in the 
BGP table, there is no way they will be in the routing table. Always make sure your neighbors 
are talking to you. One of the most useful commands in troubleshooting BGP is show ip bgp 
summary. 


The following are BGP characteristics: 


• Open protocol. 
• Good for very large internetworks. 
• Not as easy to design and configure as other protocols. Everything is manual, including 
  neighbors (peers). 
• Advanced distance vector or path vector routing protocol. 
• EGP. 
• TCP port 179. 
• Internal administrative distance is 200; external is 20. 
• Metrics include many attributes such as MED, Origin, AS-Path, Next-hop, and Community. 
• Does not demand a particular routing hierarchy; roll your own. 
• Automatic and manual summarization features. 
• Route tagging for policy-based routing. 


Besides the basic IOS commands in your repertoire, you should add show ip bgp ? and debug 
ip bgp ? for your BGP troubleshooting assistance. Remember that BGP is an EGP and that what 
you do affects others. ISPs often turn on dampening to account for those who really don't know 
what they are doing with BGP configuration or to compensate for link flaps. Too many changes 
within a certain period of time may mean that you don't get to communicate at all. 


Individual routing protocols are books in themselves. However, I have quickly summarized the 
common routing protocols for you. The routing table is a good place to start troubleshooting, but 
if routes are missing, ultimately they may depend on Physical Layer or Data Link Layer issues, 
neighbor relationships, and topology or link-state tables. Cisco does a great job at categorizing 
more specific IP routing issues for you (see Figure 3-33). 


Figure 3-33. IP Routing Top Issues 


NOTE 


Refer back to Chapter 1, Table 1-3, for a quick comparison of routing protocols. 


Now it is time for the Trouble Tickets. The plan here is to give you several things to do, let you 
make mistakes and fix some things on your own, and to introduce other problems that you 
should have some experience with as a support person. Shooting trouble with IP can easily be a 
multiple-volume set of books in itself. Because it is a big part of troubleshooting today, I also 
integrate more IP-related issues into the other chapters. 


NOTE 


Do not write erase your routers and start from scratch. Whether it is now or later, you 
will learn from your own mistakes. In the real world, many times I find it easier to just 
start from scratch if things differ that much. In many cases, you do not have that 
luxury—for what you change on a router affects not just one person, but many others, 
and change control is a definite must. 


Trouble Tickets 


Complete the following Trouble Tickets in order. Use the tools from this and the preceding 
chapters to analyze, test, and document as you go. Feel free to create your own Physical Layer 
problems if you need more practice there. Sample solutions are provided after this section. 


Trouble Ticket 1 


Quickly review your existing configurations and copy them to a TFTP server as r1-rip2, r2-rip2, 
r3-rip2, r4-rip2, and r5-rip2 so that you can use them again later. 


Trouble Ticket 2 


Draw a new Chapter 3 scenario diagram and label the address ranges and interfaces per your 
calculations in Figure 3-27. Leave the links to r4 and r5 numbered as they are. 


Trouble Ticket 3 


Re-address the network using your new diagram. Remove RIP and save your configurations. 


Trouble Ticket 4 


Change the routing protocol from RIP to EIGRP using an AS number of choice. Verify routing 
processes, protocols, and that you have the correct information in each routing table. Disconnect 
and reconnect the r1s1 cable and experiment a bit. 


Trouble Ticket 5 


Ping and trace from hosta to hostc and capture the results. Save all configurations and verify 
everything before you continue. Quickly review your configurations and copy them to a TFTP 
server as r1-eigrp, r2-eigrp, r3-eigrp, r4-eigrp, and r5-eigrp so that you can use them again 
later. 


Trouble Ticket 6 (Optional) 


Set up an access list to allow only hosta to telnet to r1. The other hosts should not be able to 
telnet, but should be able to ping or trace. Apply and test the ACL. Leave the ACL configuration, 
but remove the application of it from the interface after you verify that it works. 


Trouble Ticket 7 (Optional) 


Set up one of your clients for DHCP to capture and analyze the Discover, Offers, Request, and 
Acknowledgement frames. 


NOTE 


Trouble Tickets 6 and 7 are optional bonus exercises because there will be plenty of 
opportunity to perform similar tests later in the book. Trouble Tickets 6 and 7 are for 
you to work through on your own and do not have a solution provided. 


Trouble Tickets Solutions 


These solutions are not always the only way to perform these tasks. However, the upcoming 
chapter scenarios are based on these solutions. 


Trouble Ticket 1 Solution 


I reviewed and copied my existing configurations to my TFTP server as rx-rip2, where I replaced x 
with each router number. In Example 3-37, I performed a simple ping first to make sure I had 
connectivity to the TFTP server, and then copied the files. You may want to tweak the 
configuration of your TFTP server to place the files in the location you prefer for easy access later. 
You should also get familiar with how your particular TFTP server handles files that already exist. 
For example, you may want to have it prompt you as to what to do if the files already exist. The 
answer shows the output for r1 only, but this was performed from each router. 


Example 3-37. Copying Existing Configurations to a TFTP Server 


r1#ping 192.168.1.11 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.1.11, timeout is 2 seconds: 
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms 
r1#copy running-config tftp 
Address or name of remote host []? 192.168.1.11 
Destination filename [running-config]? r1-rip2 
1169 bytes copied in 5.680 secs (233 bytes/sec) 
r1# 


Trouble Ticket 2 Solution 


Figure 3-34 displays the new addressing scheme that I used as a guide for configurations in the 
examples to follow. 


Figure 3-34. Trouble Tickets Scenario 


Trouble Ticket 3 Solution 


I used Figure 3-34 as a guide to re-address the network. Example 3-38 shows a few problems I 
had when re-addressing the interfaces. I could have typed no ip address on each interface to 
remove the old one before I started, but then you may not have realized the overlapping 
problems. While on each router, I also issued no router rip to quickly remove the RIP routing 
protocol commands. A quick test after the configuration is to perform show ip interface brief to 
verify the configuration against the drawing. 


NOTE 


Although I did not shut my interfaces down before and after configuring them, doing so is 
certainly the best practice. 
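

The "overlaps with" rejections in Example 3-38 come from each ip address command being checked against the subnets still configured on the router's other interfaces at that moment. The following added example (not from the book) replays the r3 commands and finds an order that is never rejected; the old addresses in OLD_R3 are constructed stand-ins, and the function names are hypothetical.

```python
"""Replay interface re-addressing one command at a time, as the router checks it."""
import ipaddress

# Constructed old addressing for r3 (assumption: the chapter only shows that
# Serial0/2 still sat in a range overlapping the new 192.168.5.x/28 subnets).
OLD_R3 = {
    "Serial0/0": "192.168.2.2/24",
    "Serial0/1": "192.168.6.2/24",
    "Serial0/2": "192.168.5.2/24",
    "FastEthernet2/0": "192.168.3.1/24",
}

# Target addressing for r3 as configured in Example 3-38.
PLAN_R3 = {
    "Serial0/0": "192.168.5.82/28",
    "Serial0/1": "192.168.5.66/28",
    "Serial0/2": "192.168.5.50/28",
    "FastEthernet2/0": "192.168.5.97/28",
}

# The commands in the order they were typed, including the /24 slip on Serial0/2.
TYPED_R3 = [
    ("Serial0/0", "192.168.5.82/28"),
    ("Serial0/2", "192.168.5.50/24"),
    ("Serial0/0", "192.168.5.82/28"),
    ("Serial0/2", "192.168.5.50/28"),
    ("Serial0/0", "192.168.5.82/28"),
    ("Serial0/1", "192.168.5.66/28"),
    ("FastEthernet2/0", "192.168.5.97/28"),
]


def conflict(state, ifname, new_addr):
    """Return the name of another interface whose subnet overlaps new_addr's
    subnet, or None. Interfaces without an address (None) are skipped."""
    new_net = ipaddress.ip_interface(new_addr).network
    for other, addr in state.items():
        if other == ifname or addr is None:
            continue
        if ipaddress.ip_interface(addr).network.overlaps(new_net):
            return other
    return None


def replay(state, commands):
    """Apply (interface, address/prefix) commands in order.

    A rejected command leaves the interface unchanged. Returns the final
    state and the rejection messages, worded like the router's own.
    """
    state = dict(state)
    rejections = []
    for ifname, addr in commands:
        other = conflict(state, ifname, addr)
        if other is None:
            state[ifname] = addr
        else:
            net = ipaddress.ip_interface(addr).network.network_address
            rejections.append(f"{net} overlaps with {other}")
    return state, rejections


def safe_order(state, plan):
    """Return an order for the plan in which no command is rejected.

    Returns None when the old addresses block every ordering; in that case
    an old address has to be removed first (no ip address).
    """
    state, pending, order = dict(state), dict(plan), []
    while pending:
        ready = [i for i, a in pending.items() if conflict(state, i, a) is None]
        if not ready:
            return None
        ifname = ready[0]
        state[ifname] = pending.pop(ifname)
        order.append(ifname)
    return order


if __name__ == "__main__":
    final, messages = replay(OLD_R3, TYPED_R3)
    for line in messages:
        print(line)
    print("order without rejections:", safe_order(OLD_R3, PLAN_R3))
```

Re-addressing Serial0/2 first frees the old /24, after which the remaining /28 assignments are accepted in any order.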


Example 3-38. Re-Addressing and Removing RIP 


r1(config)#interface e0 
r1(config-if)#ip address 192.168.5.17 255.255.255.240 
r1(config-if)#interface e1 
r1(config-if)#ip address 192.168.5.33 255.255.255.240 
r1(config-if)#interface s1 
r1(config-if)#ip add 192.168.5.81 255.255.255.240 
r1(config-if)#no router rip 
r1(config)#end 
r1#copy running-config startup-config 
r2(config)#interface e0 
r2(config-if)#ip address 192.168.5.34 255.255.255.240 
192.168.5.32 overlaps with Serial1 
r2(config-if)#interface s1 
r2(config-if)#ip address 192.168.5.49 255.255.255.240 
r2(config-if)#interface e0 
r2(config-if)#ip address 192.168.5.34 255.255.255.240 
r2(config-if)#interface s0 
r2(config-if)#ip address 192.168.5.65 255.255.255.240 
r2(config-if)#no router rip 
r2(config)#end 
r2#copy running-config startup-config 
r3(config)#interface s0/0 
r3(config-if)#ip address 192.168.5.82 255.255.255.240 
192.168.5.80 overlaps with Serial0/2 
r3(config-if)#interface s0/2 
r3(config-if)#ip address 192.168.5.50 255.255.255.0 
r3(config-if)#interface s0/0 
r3(config-if)#ip address 192.168.5.82 255.255.255.240 
192.168.5.80 overlaps with Serial0/2 
r3(config-if)#interface s0/2 
r3(config-if)#ip address 192.168.5.50 255.255.255.240 
r3(config-if)#interface s0/0 
r3(config-if)#ip address 192.168.5.82 255.255.255.240 
r3(config-if)#interface s0/1 
r3(config-if)#ip address 192.168.5.66 255.255.255.240 
r3(config-if)#interface fa2/0 
r3(config-if)#ip address 192.168.5.97 255.255.255.240 
r3(config-if)#no router rip 
r3(config)#end 
r3#copy running-config startup-config 
r4(config)#no router rip 
r4(config)#end 
r4#copy running-config startup-config 
r5(config)#no router rip 
r5(config)#end 
r5#copy running-config startup-config 
r1#show ip interface brief 
Interface          IP-Address      OK?  Method  Status  Protocol 
Ethernet0          192.168.5.17    YES  manual  up      up 
Ethernet1          192.168.5.33    YES  manual  up      up 
Serial0            10.1.1.1        YES  NVRAM   up      up 
Serial1            192.168.5.81    YES  manual  up      up 
r2#show ip interface brief 
Interface          IP-Address      OK?  Method  Status  Protocol 
Ethernet0          192.168.5.34    YES  manual  up      up 
Serial0            192.168.5.65    YES  manual  up      up 
Serial1            192.168.5.49    YES  manual  up      up 
r3#show ip interface brief 
Interface          IP-Address      OK?  Method  Status  Protocol 
Serial0/0          192.168.5.82    YES  manual  up      up 
Serial0/1          192.168.5.66    YES  manual  up      up 
Serial0/2          192.168.5.50    YES  manual  up      up 
Serial0/3          O22             YES  NVRAM   up      up 
FastEthernet2/0    192.168.5.97    YES  manual  up      up 


Trouble Ticket 4 Solution 


Example 3-39 starts the EIGRP configuration and testing. I used AS number 500 for my test and 
saved my configurations as I went along. Notice in Example 3-39 how I configured 10.1.1.0 and 
10.2.2.0. show running-config shows 10.0.0.0. EIGRP is relatively easy to configure, but 
remember that it is proprietary. 


Example 3-39. EIGRP Configuration 


r1(config)#router eigrp 500 
r1(config-router)#network 192.168.5.0 
r1(config-router)#network 10.1.1.0 
r1(config-router)#end 
r1#copy running-config startup-config 
r2(config)#router eigrp 500 
r2(config-router)#network 192.168.5.0 
r2(config-router)#end 
r2#copy running-config startup-config 
r3(config)#router eigrp 500 
r3(config-router)#network 192.168.5.0 
r3(config-router)#network 10.2.2.0 
r3(config-router)#end 
r3#copy running-config startup-config 
r4(config)#router eigrp 500 
r4(config-router)#network 10.2.2.0 
r4(config-router)#end 
r4#copy running-config startup-config 
r5(config)#router eigrp 500 
r5(config-router)#network 10.1.1.0 
r5(config-router)#end 
r5#copy running-config startup-config 
r5#show running-config 
router eigrp 500 
 network 10.0.0.0 
ip classless 
end 


Example 3-40 illustrates show ip protocols and show ip route to verify EIGRP parameters and 
routes. You should verify every router; I have listed only the first one. The EIGRP learned routes 
are shown with a D, whereas RIP represented them with an R. It is important to note how EIGRP 
automatically summarizes on the classful boundary. 


Example 3-40. EIGRP Testing with show ip protocols and show ip route 


r1>show ip protocols 
Routing Protocol is "eigrp 500" 
  Outgoing update filter list for all interfaces is not set 
  Incoming update filter list for all interfaces is not set 
  Default networks flagged in outgoing updates 
  Default networks accepted from incoming updates 
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 
  EIGRP maximum hopcount 100 
  EIGRP maximum metric variance 1 
  Redistributing: eigrp 500 
  Automatic network summarization is in effect 
  Automatic address summarization: 
    10.0.0.0/8 for Ethernet0, Ethernet1, Serial1 
      Summarizing with metric 40512000 
    192.168.5.0/24 for Serial0 
      Summarizing with metric 281600 
  Routing for Networks: 
    10.0.0.0 
    192.168.5.0 
  Routing Information Sources: 
    Gateway         Distance      Last Update 
    (this router)          5      00:16:31 
    10.1.1.2              90      00:15:44 
    192.168.5.82          90      00:16:31 
    Gateway         Distance      Last Update 
    192.168.5.34          90      00:16:32 
  Distance: internal 90 external 170 
r1>show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 
       U - per-user static route, o - ODR 
Gateway of last resort is not set 
     192.168.5.0/24 is variably subnetted, 7 subnets, 2 masks 
D       192.168.5.96/28 [90/40514560] via 192.168.5.82, 00:16:37, Serial1 
D       192.168.5.64/28 [90/40537600] via 192.168.5.34, 00:16:37, Ethernet1 
C       192.168.5.80/28 is directly connected, Serial1 
C       192.168.5.32/28 is directly connected, Ethernet1 
D       192.168.5.48/28 [90/40537600] via 192.168.5.34, 00:16:37, Ethernet1 
D       192.168.5.0/24 is a summary, 00:18:11, Null0 
C       192.168.5.16/28 is directly connected, Ethernet0 
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 
D       10.0.0.0/8 is a summary, 00:16:37, Null0 
C       10.1.1.0/24 is directly connected, Serial0 


NOTE 


Think about the routing table issues as you work through some common EIGRP 
troubleshooting commands. 
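

The metrics in the r1 output of Example 3-40 can be reproduced from interface bandwidth and delay using the K values that show ip protocols reports, which also shows why r1 has to send a QUERY for 192.168.5.96/28 in Example 3-41. This is an added example, not from the book; the link figures are assumptions (IOS default delays, and 64 kbit/s on the serial links, inferred because it reproduces the displayed metrics), and the function names are hypothetical.

```python
"""Classic EIGRP composite metric, checked against the r1 output in this chapter."""

# Assumed link characteristics (not shown in the chapter): IOS default delays,
# and bandwidth 64 kbit/s on the serial links, inferred because it reproduces
# the metrics that r1 displays.
LINKS = {
    "ethernet": (10_000, 1_000),      # (bandwidth in kbit/s, delay in microseconds)
    "fastethernet": (100_000, 100),
    "serial": (64, 20_000),
}


def eigrp_metric(path, k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """Composite metric for a path given as a list of outgoing link types.

    The bandwidth term uses the slowest link on the path; the delay term is
    the sum of all link delays in tens of microseconds. load and reliability
    are on the 1..255 scale and only matter when K2, K4 or K5 are non-zero.
    """
    if not path:
        raise ValueError("path needs at least one link")
    k1, k2, k3, k4, k5 = k
    slowest = min(LINKS[link][0] for link in path)
    bw = 10**7 // slowest
    delay = sum(LINKS[link][1] for link in path) // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def is_feasible_successor(reported_distance, feasible_distance):
    """DUAL feasibility condition: the neighbor's own metric must be strictly
    lower than the best metric this router has had for the destination."""
    return reported_distance < feasible_distance


def failover_for_r3_lan():
    """What r1 can do for 192.168.5.96/28 (r3 FastEthernet2/0) when Serial1 fails."""
    fd = eigrp_metric(["serial", "fastethernet"])      # r1 -> r3 over Serial1
    rd_r2 = eigrp_metric(["serial", "fastethernet"])   # r2's own path to r3's LAN
    via_r2 = eigrp_metric(["ethernet", "serial", "fastethernet"])
    return {
        "feasible_distance": fd,
        "r2_reported_distance": rd_r2,
        "r2_is_feasible_successor": is_feasible_successor(rd_r2, fd),
        "metric_via_r2": via_r2,
    }


if __name__ == "__main__":
    # Paths from r1, read off the addressing used in the chapter.
    for label, path in [
        ("192.168.5.96/28 via 192.168.5.82", ["serial", "fastethernet"]),
        ("192.168.5.64/28 via 192.168.5.34", ["ethernet", "serial"]),
        ("192.168.5.48/28 via 192.168.5.34", ["ethernet", "serial"]),
        ("192.168.5.0/24 summary", ["ethernet"]),
        ("10.0.0.0/8 summary", ["serial"]),
    ]:
        print(f"{label:36} {eigrp_metric(path)}")
    print(failover_for_r3_lan())
```

Under these assumptions r2 reports the same distance that r1 already holds as its feasible distance, so r2 is not a feasible successor and the route goes active until the QUERY is answered; the route then reappears via 192.168.5.34 with metric 40540160.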


Example 3-41 further explores EIGRP with some EIGRP-specific IOS debug commands. I 
disconnected the r1s1 cable after turning on a pretty explicit command for you to see the EIGRP 
packet and update process. After looking at the routing table, I plugged the cable back in and 
explored some of the EIGRP show and logging commands that are quite helpful in troubleshooting 
in Example 3-42. 


Example 3-41. Experimenting with EI GRP Troubleshooting Tools 


r1#debug eigrp ?
  fsm        EIGRP Dual Finite State Machine events/actions
  neighbors  EIGRP neighbors
  packets    EIGRP packets
  transmit   EIGRP transmission events
r1#debug eigrp transmit
EIGRP Transmission Events debugging is on
    (ACK, PACKETIZE, STARTUP, PEERDOWN, LINK, BUILD, STRANGE, DETAIL)
%LINK-3-UPDOWN: Interface Serial1, changed state to down
DNDB QUERY 192.168.5.80/28, serno 3 to 16, refcount 3
Anchoring Serial0, starting Serial0 timer
Anchoring Ethernet1, starting Ethernet1 timer
Anchoring Serial1, starting Serial1 timer
Peer 192.168.5.82 going down
DNDB QUERY 192.168.5.96/28, serno 15 to 17, refcount 3
Last peer deleted from Serial1
Dropping refcount on 192.168.5.80/28, refcount now 2
Dropping refcount on 192.168.5.96/28, refcount now 2
Packetizing timer expired on Serial0
Packets pending on Serial0
Intf Serial0 packetized QUERY 16-17
Interface is now quiescent
Building multicast QUERY packet for Serial0, serno 16-17
  Items: U16 U17
Packetizing timer expired on Ethernet1
Packets pending on Ethernet1
Intf Ethernet1 packetized QUERY 16-17
Interface is now quiescent
01:21:06: Building multicast QUERY packet for Ethernet1, serno 16-17
01:21:06:   Items: 6. 7
01:21:06: Packetizing timer expired on Serial1
01:21:06: Packet acked from 192.168.5.34 (Ethernet1), serno 16-17
01:21:06: Flow blocking cleared on Ethernet1
01:21:06: Multicast acked from Ethernet1, serno 16-17
01:21:06:   Found serno 16, refcount now 1
01:21:06:   Found serno 17, refcount now 1
01:21:06: Packet acked from 10.1.1.2 (Serial0), serno 16-17
01:21:06: Flow blocking cleared on Serial0
01:21:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to down
r1#show ip route
     192.168.5.0/24 is variably subnetted, 6 subnets, 2 masks
D       192.168.5.96/28 [90/40540160] via 192.168.5.34, 00:00:12, Ethernet1
D       192.168.5.64/28 [90/40537600] via 192.168.5.34, 00:32:10, Ethernet1
C       192.168.5.32/28 is directly connected, Ethernet1
D       192.168.5.48/28 [90/40537600] via 192.168.5.34, 00:32:10, Ethernet1
D       192.168.5.0/24 is a summary, 00:33:44, Null0
C       192.168.5.16/28 is directly connected, Ethernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.0.0/8 is a summary, 00:32:11, Null0
C       10.1.1.0/24 is directly connected, Serial0
01:21:38: %LINK-3-UPDOWN: Interface Serial1, changed state to up
01:21:38: DNDB UPDATE 192.168.5.80/28, serno 0 to 20, refcount 2
01:21:38: Anchoring Serial0, starting Serial0 timer
01:21:38: Anchoring Ethernet1, starting Ethernet1 timer
01:21:38: Packetizing timer expired on Serial0
01:21:38: Packets pending on Serial0
01:21:38: Intf Serial0 packetized UPDATE 20-20
01:21:38: Interface is now quiescent
01:21:38: Building multicast UPDATE packet for Serial0, serno 20-20
01:21:38:   Items: S20
01:21:38: Suppressed.
01:21:38: Building startup packet for 192.168.5.82, serno 1-20
01:21:38:   Items: 12 S84 S85 6 7 8 19 S820
01:21:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
01:21:40: Building startup packet for 192.168.5.82, serno 1-20
01:21:40:   Items: 12 S485 6 7 8 19 S20
01:21:42: DNDB UPDATE 192.168.5.96/28, serno 19 to 21, refcount 3
01:21:42: Anchoring Serial1, starting Serial1 timer
01:21:42: Anchoring Ethernet1, starting Ethernet1 timer
01:21:42: Anchoring Serial0, starting Serial0 timer
01:21:42: Packetizing timer expired on Serial1
01:21:42: Packets pending on Serial1
01:21:42: Intf Serial1 packetized UPDATE 21-21
r1#show ip route
     192.168.5.0/24 is variably subnetted, 7 subnets, 2 masks
D       192.168.5.96/28 [90/40514560] via 192.168.5.82, 00:00:04, Serial1
D       192.168.5.64/28 [90/40537600] via 192.168.5.34, 00:00:04, Ethernet1
C       192.168.5.80/28 is directly connected, Serial1
C       192.168.5.32/28 is directly connected, Ethernet1
D       192.168.5.48/28 [90/40537600] via 192.168.5.34, 00:00:04, Ethernet1
D       192.168.5.0/24 is a summary, 00:34:12, Null0
C       192.168.5.16/28 is directly connected, Ethernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.0.0/8 is a summary, 00:00:04, Null0
C       10.1.1.0/24 is directly connected, Serial0
r1#undebug all


Example 3-42. Troubleshooting Using EIGRP Show Commands 


r1#show ip eigrp ?
  interfaces  IP-EIGRP interfaces
  neighbors   IP-EIGRP neighbors
  topology    IP-EIGRP Topology Table
  traffic     IP-EIGRP Traffic Statistics
r1#show ip eigrp neighbors
IP-EIGRP neighbors for process 500
H   Address         Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                (sec)           (ms)         Cnt  Num
1   192.168.5.82    Se1         12    00:01:15  24     2280  0    38
2   10.1.1.2        Se0         14    00:33:05  44     2280  0    3
0   192.168.5.34    Et1         10    00:34:23  25     200   0    35
r1#show ip eigrp interfaces
IP-EIGRP interfaces for process 500
                   Xmit Queue    Mean   Pacing Time   Multicast    Pending
Interface   Peers  Un/Reliable   SRTT   Un/Reliable   Flow Timer   Routes
Et0         0      0/0           0      0/10          0            0
Et1         1      0/0           29     0/10          108          0
Se1         1      0/0           24     10/380        380          0
Se0         1      0/0           44     10/380        526          0
r1#show ip eigrp topology ?
  <1-65535>        AS Number
  A.B.C.D          Network to display information about
  active           Show only active entries
  all-links        Show all links in topology table
  pending          Show only entries pending transmission
  summary          Show a summary of the topology table
  zero-successors  Show only zero successor entries
  <cr>
r1#show ip eigrp topology active
IP-EIGRP Topology Table for process 500


The next two commands are very useful for EIGRP troubleshooting. Turn them on and note the
output (as I do in Example 3-43). To force some changes, I issued a no shut on r1s1 to see a
neighbor change. I brought that interface back up, turned off the neighbor changes, and turned on
the neighbor warnings. Then I went to r2 to bounce (shut/no shut) the Ethernet 0 interface to
observe the results.


Example 3-43. EIGRP Logging


r1(config)#router eigrp 500
r1(config-router)#eigrp ?
  log-neighbor-changes   Enable/Disable IP-EIGRP neighbor logging
  log-neighbor-warnings  Enable/Disable IP-EIGRP neighbor warnings
r1(config-router)#eigrp log-neighbor-changes
r1(config-router)#end
r1(config)#interface s1
r1(config-if)#shut
01:42:34: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.82 (Serial1) is
down: interface down
01:42:36: %LINK-5-CHANGED: Interface Serial1, changed state to
administratively down
01:42:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to down
r1(config-if)#no shut
01:42:54: %LINK-3-UPDOWN: Interface Serial1, changed state to up
01:42:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
01:42:56: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.82 (Serial1) is
up: new adjacency
r1(config-if)#exit
r1(config)#router eigrp 500
r1(config-router)#no eigrp log-neighbor-changes
r1(config-router)#eigrp log-neighbor-warnings
r1(config-router)#exit
r1(config)#interface s1
r1(config-if)#shut
01:43:33: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.82 (Serial1) is
down: interface down
01:43:35: %LINK-5-CHANGED: Interface Serial1, changed state to
administratively down
01:43:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to down
r1(config-if)#no shut
r2(config)#interface e0
r2(config-if)#shut
r1 01:44:30: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.34 (Ethernet1) is
down: holding time expired
r2(config-if)#no shut
r1 01:44:55: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.34 (Ethernet1) is
up: new adjacency
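The following is an added example, not code from the book: a small Python parser that turns the %DUAL-5-NBRCHANGE messages of Example 3-43 into per-neighbor outage records with the logged reason. The function names and the hint text are assumptions of this example, and it assumes the hh:mm:ss uptime timestamps shown in the book.

```python
import re

# Sample input: the neighbor-change messages of Example 3-43, re-typed here,
# including lines the console wrapped and lines carrying the "r1" prefix.
SAMPLE_LOG = """\
01:42:34: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.82 (Serial1) is
down: interface down
01:42:36: %LINK-5-CHANGED: Interface Serial1, changed state to
administratively down
01:42:56: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.82 (Serial1) is
up: new adjacency
01:43:33: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.82 (Serial1) is
down: interface down
r1 01:44:30: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.34 (Ethernet1) is
down: holding time expired
r1 01:44:55: %DUAL-5-NBRCHANGE: IP-EIGRP 500: Neighbor 192.168.5.34 (Ethernet1) is
up: new adjacency
"""

# A new message starts with an optional device name and an hh:mm:ss: stamp.
STAMP = re.compile(r"^(?:\S+\s+)?\d+:\d\d:\d\d:\s")
NBRCHANGE = re.compile(
    r"^(?:\S+\s+)?(\d+):(\d\d):(\d\d):\s+%DUAL-5-NBRCHANGE:\s+IP-EIGRP\s+(\d+):\s+"
    r"Neighbor\s+(\d{1,3}(?:\.\d{1,3}){3})\s+\(([^)]+)\)\s+is\s+(up|down):\s+(.+)$"
)

# Where to look first for each "down" reason seen in Example 3-43.
HINTS = {
    "interface down": "local interface went down; check the link and its configuration",
    "holding time expired": "hellos stopped arriving; check the neighbor and the path to it",
}


def unwrap(text):
    """Rejoin messages that were wrapped onto a continuation line."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAMP.match(line) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines


def parse(text):
    """Return one dict per NBRCHANGE message; other syslog lines are skipped."""
    events = []
    for line in unwrap(text):
        m = NBRCHANGE.match(line)
        if not m:
            continue
        h, mi, s, asn, nbr, intf, state, reason = m.groups()
        events.append({
            "t": int(h) * 3600 + int(mi) * 60 + int(s),
            "as": int(asn), "neighbor": nbr, "interface": intf,
            "state": state, "reason": reason,
        })
    return events


def outages(events):
    """Pair each down event with the next up event for the same neighbor."""
    pending, closed = {}, []
    for ev in events:
        key = (ev["as"], ev["neighbor"], ev["interface"])
        if ev["state"] == "down":
            pending.setdefault(key, ev)  # keep the first down of a series
        elif key in pending:
            down = pending.pop(key)
            closed.append({
                "neighbor": ev["neighbor"], "interface": ev["interface"],
                "seconds": ev["t"] - down["t"], "reason": down["reason"],
            })
    still_down = sorted(key[1] for key in pending)
    return closed, still_down


if __name__ == "__main__":
    closed, still_down = outages(parse(SAMPLE_LOG))
    for o in closed:
        hint = HINTS.get(o["reason"], "reason not classified")
        print(f'{o["neighbor"]} ({o["interface"]}) down {o["seconds"]}s: '
              f'{o["reason"]} -> {hint}')
    for nbr in still_down:
        print(f"{nbr} has no matching up event in this log")
```

The last down event for 192.168.5.82 has no matching up message in the example, so the parser reports that neighbor as still down rather than guessing a recovery time.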


Look back through the examples and compare the output of some of the commands to your
drawing. There are still issues with EIGRP. Can you spot them? Fix them and continue on to the
next Trouble Ticket.


A simple ping test or looking at the routing tables for network 10.0.0.0 should have told you that
EIGRP automatically summarizes on the classful boundary. On r1 and r5, for example, you could
see 10.1.1.0 but not 10.2.2.0. r3 and r4 displayed 10.2.2.0, but not 10.1.1.0. The fix is in
Example 3-44, and the commands are required on r1 and on r3 since they cross network
boundaries. Test by displaying the routing table on r2 and ping testing from router to router,
although a better test would be from hosta to 10.2.2.2.


Example 3-44. EIGRP no auto-summary Fix 


r2#show ip route
     192.168.5.0/28 is subnetted, 6 subnets
D       192.168.5.96 [90/40514560] via 192.168.5.66, 00:03:35, Serial0
                     [90/40514560] via 192.168.5.50, 00:03:35, Serial1
C       192.168.5.64 is directly connected, Serial0
D       192.168.5.80 [90/40537600] via 192.168.5.33, 00:03:36, Ethernet0
C       192.168.5.32 is directly connected, Ethernet0
C       192.168.5.48 is directly connected, Serial1
D       192.168.5.16 [90/307200] via 192.168.5.33, 00:03:36, Ethernet0
D    10.0.0.0/8 [90/40537600] via 192.168.5.33, 00:03:36, Ethernet0
r1(config)#router eigrp 500
r1(config-router)#no auto-summary
r1(config-router)#end
r1#copy running-config startup-config
r3(config)#router eigrp 500
r3(config-router)#no auto-summary
r3(config-router)#end
r3#copy running-config startup-config
r2>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
     192.168.5.0/28 is subnetted, 6 subnets
D       192.168.5.96 [90/40514560] via 192.168.5.66, 00:00:50, Serial0
                     [90/40514560] via 192.168.5.50, 00:00:50, Serial1
C       192.168.5.64 is directly connected, Serial0
D       192.168.5.80 [90/40537600] via 192.168.5.33, 00:00:50, Ethernet0
C       192.168.5.32 is directly connected, Ethernet0
C       192.168.5.48 is directly connected, Serial1
D       192.168.5.16 [90/307200] via 192.168.5.33, 00:00:50, Ethernet0
     10.0.0.0/24 is subnetted, 2 subnets
D       10.2.2.0 [90/41024000] via 192.168.5.66, 00:00:50, Serial0
                 [90/41024000] via 192.168.5.50, 00:00:50, Serial1
D       10.1.1.0 [90/40537600] via 192.168.5.33, 00:00:51, Ethernet0
r2>


Notice how the 10.1.1.0 and 10.2.2.0 subnets now display in the routing table with a D in front. 
Just as with the previous RIPv2 examples, the no auto-summary command is critical in a 
situation such as this in order for EIGRP to support discontiguous subnets. EIGRP enables you to 
summarize manually on any boundary and interface you so choose. 
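The following is an added example, not code from the book: a Python model of what r2 learns from r1 and r3 with classful auto-summary on and off, showing why the two 10.x subnets collapse into one ambiguous 10.0.0.0/8 entry. The connected-network lists are an assumption simplified from the routing tables in this section, and the model records only who advertises a prefix; it does not compute EIGRP metrics.

```python
import ipaddress

# Assumed topology, simplified from the routing tables in this section:
# (router name, connected networks, subnet of the link facing r2).
NEIGHBORS = [
    ("r1", ["10.1.1.0/24", "192.168.5.16/28", "192.168.5.32/28",
            "192.168.5.80/28"], "192.168.5.32/28"),
    ("r3", ["10.2.2.0/24", "192.168.5.48/28", "192.168.5.64/28",
            "192.168.5.80/28", "192.168.5.96/28"], "192.168.5.64/28"),
]


def major_network(net):
    """Return the classful (Class A/B/C) network that contains net."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    elif first_octet < 224:
        plen = 24
    else:
        raise ValueError(f"{net} is not a unicast Class A/B/C network")
    return ipaddress.ip_network(f"{net.network_address}/{plen}", strict=False)


def advertise(connected, link, auto_summary):
    """Prefixes a router sends out the interface attached to link."""
    link = ipaddress.ip_network(link)
    sent = set()
    for text in connected:
        net = ipaddress.ip_network(text)
        if net == link:
            continue  # the neighbor is already connected to this subnet
        if auto_summary and major_network(net) != major_network(link):
            net = major_network(net)  # crossing a major-network boundary
        sent.add(net)
    return sent


def r2_learns(auto_summary):
    """Map each prefix r2 hears to the set of routers advertising it."""
    table = {}
    for name, connected, link in NEIGHBORS:
        for net in advertise(connected, link, auto_summary):
            table.setdefault(net, set()).add(name)
    return table


def lookup(table, dest):
    """Longest-prefix match: which advertisers could r2 forward dest to?"""
    addr = ipaddress.ip_address(dest)
    matches = [p for p in table if addr in p]
    if not matches:
        return set()
    return table[max(matches, key=lambda p: p.prefixlen)]


if __name__ == "__main__":
    for mode in (True, False):
        table = r2_learns(mode)
        label = "auto-summary" if mode else "no auto-summary"
        tens = sorted(str(p) for p in table if str(p).startswith("10."))
        print(f"{label}: r2 hears {tens}; "
              f"10.2.2.2 may go to {sorted(lookup(table, '10.2.2.2'))}")
```

With auto-summary on, both r1 and r3 offer 10.0.0.0/8, so r2 keeps whichever has the better metric (the route via 192.168.5.33 in Example 3-44) and traffic for the other 10.x subnet goes the wrong way.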


Trouble Ticket 5 Solution 


You should now be able to successfully ping and trace between all your routers. That is great, but
the real goal is host-to-host, end-to-end connectivity. See whether you can ping and tracert from
hosta to hostc and capture the results. Of course, if you are like me, you may have forgotten to
change the IP address information on your hosts. Obviously that is a prerequisite to the rest of
this. Table 3-12 shows my host parameters. If you need more help with addresses, masks, and
gateways, experiment a little more here by changing one at a time and observing the results.
Practice does make perfect! Compare your results to my output in Example 3-45 and Figure 3-35.
Also take time to examine how Sniffer displays EIGRP. Remember to save all your configuration
files to the TFTP server with the rx-eigrp name format.


Figure 3-35. EIGRP and Client Initialization Traffic 

Table 3-12. Trouble Ticket Host Configuration


Host    IP Address      Subnet Mask       Gateway
hosta   192.168.5.18    255.255.255.240   192.168.5.17
hostb   192.168.5.19    255.255.255.240   192.168.5.17
hostc   192.168.5.98    255.255.255.240   192.168.5.97


Example 3-45. Trouble Ticket 5 Ping and Trace Output 


C:\>ping 192.168.5.98

Pinging 192.168.5.98 with 32 bytes of data:

Request timed out.
Reply from 192.168.5.98: bytes=32 time=20ms TTL=126
Reply from 192.168.5.98: bytes=32 time=10ms TTL=126
Reply from 192.168.5.98: bytes=32 time=10ms TTL=126

Ping statistics for 192.168.5.98:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 20ms, Average = 10ms

C:\>tracert 192.168.5.98

Tracing route to HOSTC [192.168.5.98]
over a maximum of 30 hops:

  1   <10 ms    10 ms   <10 ms  192.168.5.17
  2    20 ms    20 ms    20 ms  192.168.5.82
  3    20 ms    30 ms    30 ms  HOSTC [192.168.5.98]

Trace complete.


I captured my file just after I made the change to the hostb IP changes. I started Sniffer upon
bootup to capture the Windows 98 client bootup for later review. The file is chapter 3 eigrp and
client initialization traffic sniffer capture.


The first couple of hundred lines of the Sniffer capture include hostb booting up to the Windows 98
operating system. Starting in line 221, I issued a ping and then a tracert from hosta to hostc as
the output in Example 3-45 depicts. See the EIGRP multicast 224.0.0.10 hello address and IP
handing off to EIGRP over protocol number 88.


You have completed the chapter Trouble Tickets when you feel comfortable with the tasks
assigned and the various scenarios throughout the chapter. I saved my configurations to the TFTP
server and also logged the output of show running-config to a file. I did not bother with
changing the hosts files, but you certainly can if you so desire. However, I will have you write
erase in the next chapter anyway.


Review or experiment in the areas where you need more help. Understanding and troubleshooting 
in a simple environment is certainly the foundation for understanding and troubleshooting 
complex protocols and technologies. Check your understanding with the chapter review questions. 


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1: In the RIP scenario, why were you successful with using RIPv2 rather than RIPv1?

2: A Cisco router maintains ARP entries much longer than most PCs. How can you
remove all entries from the ARP cache on a Cisco router? It would be less detrimental
to all to just remove an entry associated with a given interface. Can you do that on a
router? On a Windows-based PC?

3: Draw a table comparing TCP/IP layers, protocols, applications, and utilities to the
OSI model.

4: On a Cisco router, show ip route displays the routing table. What are the numbers
in brackets []?

5: Subnetting, aggregation, VLSM, CIDR, supernetting, and summarization are all
about moving bit boundaries. Which one(s) move the network mask bit boundary to
the right?

6: Assume you moved into apartment 172.16.3.10 (host address) located at 172.16
Broad Creek Drive (network address). Other floors in the apartment building are
numbered 172.16.1.0, 172.16.2.0, and 172.16.4.0. What floor (subnet) are you on?
What are all the available hosts on that subnet? What is the directed broadcast
address of your subnet?

7: Compare the protocol and port numbers for telnet, RIP, FTP, and TFTP.

8: You can ping by the IP address but not by the hostname. What is a very likely
problem?

9: You need to forward DHCP requests to another subnet, but you do not want to
forward NetBIOS communications. Is this possible?

10: What IOS command enables you to verify that RIP sends broadcast routing updates?
To what address are broadcast updates sent?

11: Using 192.168.5.0/24, address the network according to the following requirements:
three LAN segments—one with 125 hosts, one with 50 hosts, and one with 25
hosts—and at least two and maybe more WAN segments.

12: You are having a problem with three subnets connected via two Cisco routers. Each
router can ping its own interfaces but can't get to the far side of the other router. So
you decide to put in the appropriate default route statement, but things still are not
operational. You are not running routing protocols because default routes serve this
scenario well. Can you spot the issue?


Summary 


Shooting trouble with IP is not just crossing the bridge to get to the beach. As more and more 
companies are adopting IP-based networks, network engineers and analysts must continue to 
ensure the internetworks are available, reliable, redundant, responsive, accessible, and secure. 
Every one of you must understand TCP/IP end-to-end issues and know where to find the right 
tools and use the proper methods to make the IP world happy. This chapter reviewed IP 
protocols and packets, addressing, and routing protocol topics to get you started with IP 
troubleshooting. The next chapter examines IPX and many other hidden troubleshooting issues.
Then the focus turns to Layer 2 LAN and WAN technologies to continue to build your practical 
troubleshooting skills. 


Chapter 4. Shooting Trouble with Novell IPX


Much great networking matter came from Xerox Palo Alto Research Center (PARC). Novell 
NetWare is no exception; it was derived from Xerox Network Systems (XNS) in the early 1980s. 
It is a client-server network operating system (NOS) well known for its file and print services. 


Cisco routers are found in Novell networks because they offer features not available in Novell's 
own product implementations. This chapter focuses on common issues in supporting Novell 
clients, servers, and Cisco routers in a day-to-day practical environment. This chapter assumes 
knowledge of the previous chapters, which dealt with protocol characteristics, models, 
troubleshooting methods, support tools, resources, and TCP/IP communications. 

Throughout the chapter, you will apply a layered troubleshooting methodology to analyze real- 
world Novell IPX network issues, such as encapsulation, addressing, protocols, client 
initialization, and server login including routing and Service Advertisement Protocol (SAP) traffic. 
You will also identify targets and document the results using IPX ping, show, clear, debug, 
monitor, config, inetcfg, and other troubleshooting utilities; explore precaptured NetWare- 
related protocol analyzer files and sniff the network on your own to spot the issues. Analyze, 
break, fix, and learn from doing is what troubleshooting is all about. Supporting Novell is no 
different. 


This chapter covers the following topics: 


• Scenario: Shooting Trouble with IPX
• Protocols and Packets
• Addressing
• Routing Protocols
• Trouble Tickets
• Trouble Tickets Solutions


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table I-1 in the Introduction.


Scenario: Shooting Trouble with IPX 


This chapter starts with the same hands-on scenario you left off with at the Trouble Tickets at
the end of Chapter 3, "Shooting Trouble with IP." Now is a good time to erase your
configurations from previous labs and configure the Cisco router portion according to Figure 4-1.
Rewiring is not necessary unless you want the practice.


Figure 4-1. Shooting Trouble with IPX


NOTE


Like the preceding chapter, my lab uses the 2514, 2501, 3640, 3620, and 2516 Cisco 
routers; but yours can include any number of devices that have similar interfaces. See 
Appendix C, "Equipment Reference," for the hardware used throughout the book. 


The scenario goal is to configure the routers, servers, and clients using Internetwork Packet 
Exchange (IPX) as the routed protocol and IPX Routing Information Protocol (RIP) as the routing 
protocol to ensure end-to-end connectivity. More importantly, you need to document your steps 
and any problems along the way. Configure the routers starting with r1 first and work your way
through r5. 


Remember, however, that there is not always one right or wrong way to accomplish the tasks 
presented. The ability to obtain the end result using good practices is extremely important in any 
real-world network. Starting in Example 4-1, my troubleshooting and device configurations 
enable you to compare your work and perhaps see a different approach to obtaining the end 
result. Refer to Figure 4-1 as you continue to set up and troubleshoot. 


Although I give you Figure 4-1, it is really a better practice to draw your own network diagram.
Alternatively, use different-colored pens or pencils and add to the IP scenario from the preceding
chapter. Label interfaces DCE or DTE and document device names, locations, Layer 2 and Layer
3 addresses, encapsulation types, routed and bridged protocols, access control lists (ACLs), and
configuration files. Then verify full connectivity. Perform some simple ping ipx tests (as shown
in Table 4-1), run show tech-support, and document everything. All of this gives you a starting
point for normal baseline activity when your network is running well. Keep in mind that although
NetWare 5.x and 6.x are native IP environments, I want you to concentrate on IPX-related
baselining for this chapter.


Table 4-1. IPX Troubleshooting Checklist


Isolating Problems                                      Commands and Symptoms

On the Novell client:                                   ipxroute config
  Physical cable and NIC                                ipconfig /all (if also running IP)
  Drivers, encapsulation, IPX address, other protocols  slist
  Client software                                       rconsole
                                                        net config workstation
                                                        net config server
                                                        Use protocol analyzer to get addresses
                                                        Network Neighborhood properties

On the Novell server:                                   config
  Physical cable and NIC                                display servers
  Drivers, encapsulation, IPX address, other protocols  display networks
  Server software                                       load monitor
                                                        load inetcfg
                                                        load startup.ncf
                                                        load autoexec.ncf

On the Cisco router:                                    ipx ping-default ?
  Ping                                                  ping ipx externalipx.mac-address
  Show                                                  ping ipx internalipx.0.0.1
  Trace                                                 show ipx interface brief
  Debug                                                 show run interface e0
  Note: externalipx is the network number for the       show ipx interface e0
  wire like an IP subnet number. internalipx is the     show interfaces e0
  network number internal to the Novell server.         show ipx servers
                                                        show ipx route
                                                        show protocols
                                                        show ipx cache
                                                        show ipx access-list
                                                        show ipx traffic
                                                        debug ipx routing ?
                                                        debug ipx sap ?
                                                        show tech-support

NetBIOS, sockets, and name resolution issues            See the IP checklist in Chapter 3


Table 4-1 gives you a layered yet divide-and-conquer approach to quickly spotting IPX client,
server, or router issues. Just as with troubleshooting IP, understanding the problem is most of 
the battle. You may find problems such as workgroup/domain issues, client issues, file and print 
services issues, protocol issues, primary network login issues, browser service issues, license 
issues, Directory services issues, socket issues, NetWare Loadable Module (NLM) issues, version 
issues, application issues, and so on. If you can't communicate with your local router interface, 
however, it is a little difficult to communicate with a remote host. If you can communicate with 
one remote host but not another, check the configuration on the other remote host. With 
NetWare, the client configuration is intentionally very simple. If the client gets the frame type 
(encapsulation) correct, it will likely work. 


NOTE 


When shooting Novell trouble, remember to check the following websites for help: 
Cisco (www.cisco.com/tac), Novell (support.novell.com), Microsoft 
(www.microsoft.com/technet), and other hardware and software vendors. 


Using the Figure 4-1 scenario diagram, configure r1 similar to what is in Example 4-1. 
Throughout the following examples, I have made a few careless mistakes that you may or may
not make. I will troubleshoot them as required or when all my routers are configured. I am using
the same terminal server configuration from Example 3-1 in Chapter 3.


NOTE


It is of extreme importance that you know the mode from which the command can be
issued. At times I tend to issue global configuration commands in interface mode. This
works just fine so long as you don't need help in the midst of the command. If you are
unsure, however, type the command from the appropriate mode and make use of the
Tab key and ? for help.


Example 4-1. r1 Configuration (2514) 


Router>enable
Router#configure terminal
Router(config)#hostname r1
r1(config)#enable password donna
r1(config)#line vty 0 4
r1(config-line)#login
r1(config-line)#password donna
r1(config-line)#interface serial 0
r1(config-if)#bandwidth 64
r1(config-if)#exit
r1(config)#ipx ?
% Unrecognized command
r1(config)#end
r1#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(5), RELEASE SOFTWARE (fc1)
System image file is "flash:c2500-i
00:03:53: %SYS-5-CONFIG_I: Configured from console by consoles-l.120-5.bin"
cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102


NOTE


The system file image name ended up with text in the middle of it. This can be quite
annoying in practice. Had I turned on logging synchronous, things like this would
not have been interrupted. You should turn this command on for your configurations.


Obviously, there are some IPX issues with r1. Review the output and in particular the shaded
areas. You may or may not have the same types of issues I am having. Hence you may be able
to go a little further with your configuration. For now, if you are experiencing difficulty, you
should continue on to configure r2 through r5. Actually, I am having similar issues with r2
recognizing IPX, so I moved on to r3 in Example 4-2.


Example 4-2. r3 Configuration (3640) 


Router(config)#hostname r3
r3(config)#enable password donna
r3(config-line)#line vty 0 4
r3(config-line)#login
r3(config-line)#password donna
r3(config-line)#interface serial 0/0
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#no shut
r3(config-if)#ipx ?
  access-group        Apply an access list to inbound or outbound packets
  accounting          Enable IPX accounting on this interface
  rip-multiplier      Multiple of RIP update interval for aging of RIP routes
  rip-response-delay  Delay in answering RIP on this interface


Example 4-2 clearly shows that IPX is available and has many options on r3, whereas r1 and r2
both did not recognize IPX commands at all. You could have verified this at either the interface
or global configuration mode. Continue to configure IPX on r3 as in Example 4-3 and Figure 4-1.


Example 4-3. r3 Configuration (3640) 


r3(config-if)#ipx network ?
  <1-FFFFFFFD>  IPX network number (default route enabled)
r3(config-if)#ipx network 0580
%Must give "ipx routing" command first
r3(config-if)#exit
r3(config)#ipx routing
r3(config)#interface serial 0/0
r3(config-if)#ipx network 0580
r3(config-if)#no shut
r3(config-if)#interface serial 0/1
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ipx network 0564
r3(config-if)#no shut
r3(config-if)#interface serial 0/2
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ipx network 0548
r3(config-if)#no shut
r3(config-if)#interface fastethernet 2/0
r3(config-if)#ipx network 0596
r3(config-if)#no shut
r3(config-if)#interface serial 0/3
r3(config-if)#bandwidth 64
r3(config-if)#ipx network 1022
r3(config-if)#end
r3#copy running-config startup-config


Prior to configuring r4 and r5, take time to quickly review the shaded output in Example 4-3
emphasizing the IPX configuration on r3. The IP routing process is enabled by default, but IPX
routing is not. In a practical environment, it is best practice to manually specify a node number
for the serial interfaces to enable you to ping the serial interface using a known, predefined IPX
node number. This is possible with the command ipx routing [node], where node could be
something easy to remember such as 3.3.3 for your serial interfaces. Enabling IPX routing
enables IPX RIP by default, as you will verify later with the show ipx route command. Quickly
view the IPX network numbers, default encapsulation, and link status for r3 in Example 4-4.


Example 4-4. r3 Configuration (3640) 


r3#show ipx interface brief
Interface         IPX Network  Encapsulation  Status                 IPX State
Serial0/0         580          HDLC           down                   [up]
Serial0/1         564          HDLC           down                   [up]
Serial0/2         548          HDLC           down                   [up]
Serial0/3         1022         HDLC           administratively down  [up]
Serial0/4         unassigned   not config'd   administratively down  n/a
Serial1/7         unassigned   not config'd   administratively down  n/a
FastEthernet2/0   596          NOVELL-ETHER   up                     [up]


Do not be concerned with the down status in Example 4-4 at this point for you really have only 
configured one router for IPX. Example 4-4 certainly illustrates that Cisco serial links default to 
High-Level Data Link Control (HDLC) encapsulation and that Ethernet defaults to Novell-Ether 
encapsulation (802.3). 


NOTE 


Frame types are potential lower-level IPX troubleshooting target areas in any Novell
network where Cisco routers are involved. See the "Protocols and Packets" section for 
more detail. 


Continue configuring your routers as in Example 4-5. 


Example 4-5. r4 Configuration (3620) 


Router(config)#hostname r4
r4(config)#enable password donna
r4(config)#line vty 0 4
r4(config-line)#login
r4(config-line)#password donna
r4(config-line)#exit
r4(config)#ipx routing
r4(config)#interface serial 0/0
r4(config-if)#bandwidth 64
r4(config-if)#clock rate 64000
r4(config-if)#ipx network 1022
r4(config-if)#end
r4#copy running-config startup-config
r4#show ipx interface brief
Interface     IPX Network  Encapsulation  Status                 IPX State
Ethernet0/0   unassigned   not config'd   administratively down  n/a
Serial0/0     1022         HDLC           administratively down  [up]
Serial0/1     unassigned   not config'd   administratively down  n/a


The display for r5 in my lab is similar to r1 and r2, so I did not bother to display it at this point.
Configure your r5, analyze any problems, fix them, and document the particulars. Depending on
your exact lab setup, you may or may not have these same issues, and you may have different
ones.


Example 4-6 gives you some hints as to the real problem. Use some of the tools you learned
about in Chapter 2, "What's in Your Tool Bag?" and in other experiences to determine the issues
and resolve the problems.


Example 4-6. Current IOS Versions in Flash


r5#show flash
System flash directory:
File  Length   Name/status
  1   7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 9209652 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
r4#show flash
System flash directory:
File  Length   Name/status
  1   3971288  c3620-d-mz.113-9.7T
[3971352 bytes used, 12805864 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)
r3#show flash
System flash directory:
File  Length   Name/status
  1   6786288  c3640-js-mz.120-13.bin
[6786352 bytes used, 9990864 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)
r2#show flash
System flash directory:
File  Length   Name/status
  1   7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 9209652 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
r1#show flash
System flash directory:
File  Length   Name/status
  1   7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 821044 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)


Now that you determined that the problem routers are all 2500 series and that the installed IOS
supports only IP, you need to determine your next step. Another critical component is how much
RAM and Flash you have on each of the problem routers. Table 4-2 displays my findings.


Table 4-2. Router Memory 


Router      RAM in MB (show version)   Flash in MB (show flash)
r1 - 2514   2/2                        8
r2 - 2501   16/2                       16
r5 - 2516   14/2                       16


rl does not have much RAM. | had some RAM and Flash memory that | swapped over from a 
spare router so that rl canrun the same IOS as r2 and r5. Refer to Figure 4-2 or check out 
Cisco.com for any RAM/Flash upgrades and upgrade your lab as necessary. For the rl |OS 
upgrade, upgrade the rl Flash memory from 8 MB to 16 MB and download the required | OS file 
from the Cisco.com Software Center to the TFTP server directory. 


Figure 4-2. rl RAM and Flash Upgrade 
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NOTE 


For the RAM/Flash upgrade, remove the slotted screw between the two pry slots on the
router. Use a large flat-blade screwdriver to twist open the two pry slots and remove
the cover. I recommend you use a wrist strap to assist with static issues. Remove the
old RAM/Flash, if required, and insert the new. My old RAM memory was 2 MB/2 MB,
but my new RAM is 14 MB/2 MB, similar to what I have on r5 (as you can verify with a
before and after show version). My old Flash memory was 8 MB, but my new one is
16 MB, which you can verify with a before and after show flash command.


The Flash is somewhat like a hard drive on a PC. Partition the Flash into one partition to hold a
new IOS larger than 8 MB and verify the Flash memory upgrade on r1 as in Example 4-7. Figure
4-2 illustrates the actual hardware upgrade. Refer to Cisco.com and Appendix B,
"Troubleshooting Resources," for more information on Cisco hardware and software upgrades.


Example 4-7. Partition Flash on r1


r1(config)#partition flash ?
  <1-8>  Number of partitions in device
r1(config)#partition flash 1

r1>show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(5), RELEASE SOFTWARE (fc1)

System restarted by power-on
System image file is "flash:c2500-is-l.120-5.bin"

cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory.

16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
r1>show flash
System flash directory:
File  Length   Name/status
  1   7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 9209652 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)


NOTE 


In Example 4-7, I first partitioned the Flash into one partition. I exited completely out
of enable mode just to illustrate that many commands are available from user mode.
For example, show version shows not only the IOS version, but also the amount of
RAM memory right from user mode. Likewise, show flash displays that 16 MB of Flash
memory is available with about 9 MB free from user mode.


The IOS Upgrade Planner is a very useful tool here. Select the Software Center from Cisco.com
to locate the IOS Upgrade Planner in the Tools section. Unless I can't find the feature I need, my
preference is to work with General Deployment (GD) code. 12.2 is not GD at the time of this
writing; however, 12.1 and 12.0 are. You need something to support your hardware using at
least IP and IPX as well as to enable you to experiment with other things in the scenarios and
Trouble Tickets to come. For testing purposes in this book, use Enterprise Plus, if possible, to
include more features. Although in a practical environment you should standardize the code you
use, it is fine to use different versions in the lab scenarios and Trouble Tickets in case there are
more issues related to the versions you are using. Determine the best requirements for your own
lab and upgrade the hardware and software as required.


NOTE 


The Feature Navigator is very helpful in determining whether a given feature set or
release level supports a given feature. Search by feature or release. Go to
www.cisco.com/cgi-bin/Support/FeatureNav/FN.pl or search for "feature navigator" on
Cisco.com to explore this tool.


Figure 4-3 displays the IOS Upgrade Planner. It displays the RAM and Flash memory
requirements prior to download. Many times it gives you a link to critical issues (such as this one
does with the Must Read link to Simple Network Management Protocol [SNMP] vulnerability
information).


Figure 4-3. IOS Upgrade Planner


12.0(21a) Enterprise Plus is GD. It requires a minimum of 6 MB RAM and 16 MB Flash as Figure
4-3 shows. Assuming you are logged in with your CCO account and have proper authorization,
download the IOS now for use on r1, r2, and r5.


Next you should use a PC-based TFTP server for your r1 IOS and configuration backup. I used
PumpKin (see Figure 4-4), but any TFTP server is fine. Although not necessary, this step is
highly recommended and is a good practice. Certainly, this would be an easier task if your
routers were still configured from the end of the IP chapter, but it is best you know how to do
this starting from no configuration at all. Follow along in Example 4-8 to set up the necessary
connectivity and IP address parameters to perform the backup.


Figure 4-4. r1 IOS and Configuration Backup to TFTP

[Screenshot: PumpKin TFTP server, Active transfers pane. Writing of 'c2500-is-l.120-5.bin' of
type 'octet' is requested by 192.168.5.17 and the transfer has successfully completed; writing of
'r1upgrd-config' of type 'octet' is requested by 192.168.5.17 and the transfer has successfully
completed.]


NOTE 


If you prefer, you can use just an Ethernet crossover and console cable from the TFTP 
PC to the router you are configuring at the time. Remember to save your software 
changes so they are still in effect when you reload the router. 


Example 4-8. r1 IOS and Configuration Backup to TFTP


r1#show flash
System flash directory:
File  Length   Name/status
  1   7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 821044 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)
r1#configure terminal
r1(config)#interface ethernet 0
r1(config-if)#ip address 192.168.5.17 255.255.255.240
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config
r1#ping 192.168.5.18
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.18, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
!!!first copy the old IOS to the tftp server
r1#copy flash tftp
Source filename []? c2500-is-l.120-5.bin
Address or name of remote host []? 192.168.5.18
Destination filename [c2500-is-l.120-5.bin]?
7567500 bytes copied in 94.196 secs (80505 bytes/sec)
!!!next copy the configuration file to the tftp server
r1#copy running-config tftp
Address or name of remote host []? 192.168.5.18
Destination filename [running-config]? r1upgrd-config
645 bytes copied in 5.544 secs (129 bytes/sec)


Now that you have prepared the hardware and made your backups, upgrade the IOS using the
copy tftp flash command similar to Example 4-9. Follow the generic steps in Appendix B to
upgrade the IOS or use Cisco.com to research your exact requirements. Remember that the
Flash is read-only on a 2500 series router because it is in fact a run-from-flash device. Use the
config-register command to change to the boot helper mode (rxboot mode) so that you can
change the Flash to read/write so that the router is ready to accept the new IOS. Remember that
rxboot mode is an IP host implementation and will not work without the ip default-gateway
statement unless the TFTP server is directly attached.


NOTE 


Although I did not show the exact commands, my first couple of attempts to upgrade
r1 failed. After I replaced the bad Flash memory, Example 4-9 worked fine. Obviously,
this is an issue you may not have, but perhaps you can learn from my troubles. Look
up any specific error messages you run into on Cisco.com to get more comfortable with
the tools Cisco offers.


Example 4-9. r1 IOS Upgrade from TFTP Server


r1(config)#config-register 0x2101
r1(config)#end
r1#reload
Proceed with reload? [confirm]
00:18:07: %SYS-5-RELOAD: Reload requested

r1(boot)#copy tftp flash
System flash directory:
File  Length   Name/status
  1   5726508  c2500-i-l.120-9
[5726572 bytes used, 11050644 available, 16777216 total]
Address or name of remote host [255.255.255.255]? 192.168.5.18
Source file name? c2500-js-l.120-21a.bin
Destination file name [c2500-js-l.120-21a.bin]?
Accessing file 'c2500-js-l.120-21a.bin' on 192.168.5.18...
Loading c2500-js-l.120-21a.bin from 192.168.5.18 (via Ethernet0): ! [OK]
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy 'c2500-js-l.120-21a.bin' from server
  as 'c2500-js-l.120-21a.bin' into Flash WITH erase? [yes/no]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Loading c2500-js-l.120-21a.bin from 192.168.5.18 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 10253564/16777216 bytes]
Verifying checksum... OK (0xFA32)
Flash copy took 0:05:55 [hh:mm:ss]
r1(boot)#show flash
System flash directory:
File  Length    Name/status
  1   10253564  c2500-js-l.120-21a.bin
[10253628 bytes used, 6523588 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)
r1(boot)#configure terminal
r1(boot)(config)#config-register 0x2102
r1(boot)(config)#end
r1(boot)#reload
Proceed with reload? [confirm]


CAUTION

Be careful when you come out of config mode from changing the configuration register
and issue the reload command. In boot helper (rxboot) mode, it is important not to
save the configuration. If you save at this point, some commands may be lost because
the bootstrap software does not support the full command set.


Note how you were made to confirm more than once that you really wanted to erase Flash. 
Whether you need to erase depends on the amount of Flash installed and how much the IOS file 
or any configuration files use. A checksum is performed at the end of the copy to verify the 
upgrade. 
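
The memory requirements and the erase decision described above can be checked before the copy is started. The following is an added example, not part of the book: a preflight check that reads the show version and show flash lines quoted in this chapter. The function name and the 64-byte per-file overhead are assumptions; the overhead is inferred from the outputs on this page (bytes used minus Length).

```python
import re

FILE_OVERHEAD = 64  # bytes per file; assumption inferred from the page's show flash outputs

MEM_RE = re.compile(r"with (\d+)K/(\d+)K bytes of memory")
SUMMARY_RE = re.compile(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]")
ACCESS_RE = re.compile(r"System flash \((Read ONLY|Read/Write)\)")

# Constructed samples built from values on the page. The 2048K/2048K line is
# constructed from Table 4-2 (r1 before the RAM upgrade).
R1_OLD_VERSION = "cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory."
R1_NEW_VERSION = "cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory."
R1_OLD_FLASH = """[7567564 bytes used, 821044 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)"""
R1_NEW_FLASH = """[7567564 bytes used, 9209652 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)"""
R1_RXBOOT_FLASH = """[5726572 bytes used, 11050644 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)"""


def preflight(show_version, show_flash, image_len, min_ram_mb, min_flash_mb):
    """Compare router memory with the image requirements and pick a copy action."""
    mem = MEM_RE.search(show_version)
    flash = SUMMARY_RE.search(show_flash)
    if not mem or not flash:
        raise ValueError("memory line or flash summary line not found")
    ram_kb = int(mem.group(1)) + int(mem.group(2))  # main memory + shared I/O memory
    used, available, total = map(int, flash.groups())
    if used + available != total:
        raise ValueError("flash summary does not add up; output may be truncated")

    needed = image_len + FILE_OVERHEAD
    if needed > total:
        action = "flash-too-small"      # erasing would not help; hardware upgrade
    elif needed > available:
        action = "erase-then-copy"      # image fits only after the old one is erased
    else:
        action = "copy"                 # fits beside the existing file
    access = ACCESS_RE.search(show_flash)
    return {
        "ram_ok": ram_kb >= min_ram_mb * 1024,
        "flash_ok": total >= min_flash_mb * 1024 * 1024,
        "action": action,
        # Read ONLY flash on a run-from-flash router means rxboot or Flash load helper
        "boot_helper_needed": bool(access) and access.group(1) == "Read ONLY",
    }


if __name__ == "__main__":
    new_image = 10253564  # Length of c2500-js-l.120-21a.bin as reported on the page
    for name, ver, fl in [("r1 before upgrade", R1_OLD_VERSION, R1_OLD_FLASH),
                          ("r1 after upgrade", R1_NEW_VERSION, R1_NEW_FLASH),
                          ("r1 in rxboot", R1_NEW_VERSION, R1_RXBOOT_FLASH)]:
        print(name, preflight(ver, fl, new_image, min_ram_mb=6, min_flash_mb=16))
```
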


Using a PC-based TFTP server is not the only method available for this task. So to get familiar
with another method, you should set up r1 as a TFTP Server serving the IOS image for r2 and r5
as in Example 4-10.


Example 4-10. Set Up r1 as a TFTP Server


r1(config)#tftp-server flash:c2500-js-l.120-21a.bin
r1(config)#interface ethernet 1
r1(config-if)#ip address 192.168.5.33 255.255.255.240
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config


Now that r1 is configured to serve up the IOS image, upgrade r2 using r1 over the common
Ethernet link as in Example 4-11. Verify that the IOS is in Flash.


Example 4-11. r2 IOS Upgrade from r1 as a TFTP Server


r2(config)#interface ethernet 0
r2(config-if)#ip address 192.168.5.34 255.255.255.240
r2(config-if)#no shut
r2(config-if)#end
r2#copy running-config startup-config
r2#copy tftp flash
                     **** NOTICE ****
Flash load helper v1.0
This process will accept the copy options and then terminate
the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy operation.
                     ---- ******** ----
Proceed? [confirm]
Address or name of remote host []? 192.168.5.33
Source filename []? c2500-js-l.120-21a.bin
Destination filename [c2500-js-l.120-21a.bin]?
Accessing tftp://192.168.5.33/c2500-js-l.120-21a.bin...
Erase flash: before copying? [confirm]
01:10:07: %SYS-5-RELOAD: Reload requested
%SYS-4-CONFIG_NEWER: Configurations from version 12.0 may not be correctly
understood.
%FLH: c2500-js-l.120-21a.bin from 192.168.5.33 to flash ...
System flash directory:
File  Length   Name/status
  1   7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 9209652 available, 16777216 total]
Accessing file 'c2500-js-l.120-21a.bin' on 192.168.5.33...
Loading c2500-js-l.120-21a.bin from 192.168.5.33 (via Ethernet0): ! [OK]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Loading c2500-js-l.120-21a.bin from 192.168.5.33 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 10253564/16777216 bytes]
Verifying checksum... OK (0xFA32)
Flash copy took 0:05:03 [hh:mm:ss]
%FLH: Re-booting system after download
F3: 10029384+224148+563164 at 0x3000060
Restricted Rights Legend

Use, duplication, or disclosure by the Government is

Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.

16384K bytes of processor board System flash (Read ONLY)

r2>show flash
System flash directory:
File  Length    Name/status
  1   10253564  c2500-js-l.120-21a.bin
[10253628 bytes used, 6523588 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)


Example 4-11 shows how Flash load helper was invoked to copy the image, which included the 
appropriate configuration register and reboot requirements. The new IOS file is now in Flash. 
Appendix B offers more information on router bootup and configuration register parameters. 


Prepare r5 for IPX by upgrading the IOS using r1 as a TFTP Server over the 64 kbps serial link as
in Example 4-12. Perform the upgrade from boot helper (rxboot) mode.


Example 4-12. Preparing r1 and r5 for the Upgrade


r1(config)#interface serial 0
r1(config-if)#ip address 10.1.1.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config
r5(config)#interface serial 0
r5(config-if)#clock rate 64000
r5(config-if)#ip address 10.1.1.2 255.255.255.0
r5(config-if)#no shut
r5(config-if)#exit
r5(config)#config-register 0x2101
r5(config)#exit
r5#reload
System configuration has been modified. Save? [yes/no]: y

16384K bytes of processor board System flash (Read/Write)


The shaded output in Example 4-12 illustrates how to change r5 to rxboot mode so that the
Flash is read/write. Now you can copy the new IOS from r1 to r5 as in Example 4-13.


Example 4-13. r5 IOS Upgrade from r1 as a TFTP Server


r5(boot)>enable
r5(boot)#copy tftp flash
System flash directory:
File  Length   Name/status
  1   7567500  c2500-is-l.120-5.bin
[7567564 bytes used, 9209652 available, 16777216 total]
Address or name of remote host [255.255.255.255]? 10.1.1.1
Source file name? c2500-js-l.120-21a.bin
Destination file name [c2500-js-l.120-21a.bin]?
Accessing file 'c2500-js-l.120-21a.bin' on 10.1.1.1...
Loading c2500-js-l.120-21a.bin from 10.1.1.1 (via Serial0): ! [OK]
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy 'c2500-js-l.120-21a.bin' from server
  as 'c2500-js-l.120-21a.bin' into Flash WITH erase? [yes/no]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Loading c2500-js-l.120-21a.bin from 10.1.1.1 (via Serial0):
[OK - 10253564/16777216 bytes]
Verifying checksum... OK (0xFA32)
Flash copy took 0:28:32 [hh:mm:ss]
r5(boot)#configure terminal
r5(boot)(config)#config-register 0x2102
r5(boot)(config)#end
r5(boot)#reload
System configuration has been modified. Save? [yes/no]: n
Warning: Attempting to overwrite an NVRAM configuration written
by a full system image. This bootstrap software does not support
the full configuration command set. If you write memory now, some
configuration commands may be lost.

Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)

cisco 2516 (68030) processor (revision J) with 14336K/2048K bytes of memory.
Processor board ID 02959130, with hardware revision 00000000

16384K bytes of processor board System flash (Read ONLY)

Press RETURN to get started!


The r5 IOS Flash copy took 28 minutes 32 seconds to complete, which is quite a bit of time
difference between this 64k link and the 10-MB Ethernet from the previous example. As with
anything else, more is normally better. The faster bandwidth is the better download method if in
fact you have a choice. Note the shaded message about the NVRAM overwrite that I previously
warned you about if you save while in rxboot mode.


NOTE 


I had you use different methods to upgrade the IOS on your routers just so you would
become familiar with the different methods. However, all of my methods involved the
TFTP server being local to the device you were copying to. If the TFTP server is not
directly connected, you need to configure the ip default-gateway statement on your
routers.


Now that all your routers are IPX-capable and more, configure the rest. Remove any IP
configuration on the routers and configure IPX; enable password, enable secret, and telnet
passwords on all routers as in Example 4-14.


NOTE 


Proper planning would certainly have eliminated the IOS upgrade in the midst of trying
to configure IPX. This goes back to methodology and knowing your requirements up
front. It is critical for you to keep that in mind for practical application.


Example 4-14. r1 IPX Configuration


r1(config)#line console 0
r1(config-line)#logging synchronous
r1(config-line)#exit
r1(config)#enable password donna
r1(config)#enable secret donna
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.
r1(config)#line vty 0 4
r1(config-line)#login
r1(config-line)#password donna
r1(config-line)#exit
r1(config)#ipx routing
r1(config)#interface ethernet 0
r1(config-if)#description r1e0 to hosta and hostb
r1(config-if)#ipx network 0516
r1(config-if)#no ip address
r1(config-if)#no shut
r1(config-if)#interface ethernet 1
r1(config-if)#description r1e1 to r2e0
r1(config-if)#ipx network 532
r1(config-if)#no ip address
r1(config-if)#no shut
r1(config-if)#interface serial 1
r1(config-if)#description r1s1 to r3s0/0
r1(config-if)#ipx network 580
r1(config-if)#no ip address
r1(config-if)#bandwidth 64
r1(config-if)#no shut
r1(config-if)#interface serial 0
r1(config-if)#description r1s0 to r5s0
r1(config-if)#ipx network 1011
r1(config-if)#bandwidth 64
r1(config-if)#no ip address
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config


On r1, I put in the enable password and enable secret password. The IOS recommended that I
not make them the same password because of security, but it took the password anyway. The
show running-config command in Example 4-15 shows the enable password in clear text, so it
is pretty easy to guess the enable secret in this example. Verify this and the other IPX-specific
parameters as in Example 4-15. Notice how the IOS puts a 5 before the enable secret password
for the MD5-type of encryption.


NOTE 


Most people insist on typing enable secret password when the command is actually
just enable secret. A good guess for the enable secret password is spacebar
password or spacebar password spacebar or some combination of that followed by the
word the person thinks is the password. If you are not such a good guesser, Cisco has
great documentation on password recovery at
www.cisco.com/warp/public/474/index.shtml. Check out this website, Cisco.com, and
Appendix B for more detail.


Example 4-15. r1 Running Configuration


r1#show running-config
Building configuration...
Current configuration:
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname r1
enable secret 5 $1$m0s2$Pq/6.NpOCSzhbQI1Ny.cnG/
enable password donna
ip subnet-zero
ipx routing 0000.0c8d.6705
interface Ethernet0
 description r1e0 to hosta and hostb
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 ipx network 516
interface Ethernet1
 description r1e1 to r2e0
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 ipx network 532
interface Serial0
 description r1s0 to r5s0
 bandwidth 64
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 ipx network 1011
interface Serial1
 description r1s1 to r3s0/0
 bandwidth 64
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 ipx network 580
ip classless
tftp-server flash:c2500-js-l.120-21a.bin
line con 0
 logging synchronous
 transport input none
line aux 0
 transport input all
line vty 0 4
 password donna
 login
end


Notice that both the enable password and enable secret passwords are in the configuration.
When the enable and enable secret passwords are configured, the enable secret always
takes precedence. Feel free to make the enable and enable secret passwords different
sometime to prove that theory. In a practical sense, just use enable secret.
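
The credential points made about Example 4-15 can be checked mechanically on a saved configuration. The following is an added example, not part of the book: a small audit that flags clear-text passwords, an enable password that sits beside an enable secret, a clear-text password reused in more than one place, a tftp-server statement left in the configuration, and a line that accepts all inbound transports. The function names and finding labels are hypothetical, and the sample configuration is constructed from Example 4-15 with a placeholder hash.

```python
from collections import defaultdict

# Constructed sample: the credential-related lines of Example 4-15, indented the
# way IOS prints sub-commands. The enable secret hash is a placeholder.
SAMPLE_CONFIG = """\
version 12.0
no service password-encryption
hostname r1
enable secret 5 $1$EXAMPLE$placeholderhash
enable password donna
ipx routing 0000.0c8d.6705
interface Ethernet0
 no ip address
 ipx network 516
tftp-server flash:c2500-js-l.120-21a.bin
line con 0
 logging synchronous
 transport input none
line aux 0
 transport input all
line vty 0 4
 password donna
 login
end
"""


def password_field(tokens):
    """Split the tokens after 'password' into (storage kind, value)."""
    if len(tokens) >= 2 and tokens[0] in ("0", "7"):
        return ("cleartext" if tokens[0] == "0" else "type7"), " ".join(tokens[1:])
    return "cleartext", " ".join(tokens)


def audit(config):
    """Return a list of (finding, location) tuples for a running-config."""
    findings = []
    used_at = defaultdict(list)      # clear-text value -> places that use it
    has_secret = has_enable_password = False
    section = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():     # unindented: a new section or a global command
            section = line if line.startswith(("line ", "interface ")) else "global"
        words = line.split()
        if words[:2] == ["enable", "secret"]:
            has_secret = True
        elif words[:2] == ["enable", "password"]:
            has_enable_password = True
            rest = words[2:]
            if rest[:1] == ["level"]:            # optional "level <n>"
                rest = rest[2:]
            kind, value = password_field(rest)
            if kind == "cleartext":
                used_at[value].append("enable password")
                findings.append(("cleartext-password", "enable password"))
        elif words[0] == "password" and section.startswith("line "):
            kind, value = password_field(words[1:])
            if kind == "cleartext":
                used_at[value].append(section)
                findings.append(("cleartext-password", section))
        elif words[0] == "tftp-server":
            findings.append(("tftp-server-left-enabled", line))
        elif words[:3] == ["transport", "input", "all"]:
            findings.append(("all-inbound-transports", section))
    if has_secret and has_enable_password:
        # The secret takes precedence, so the enable password only exposes a value.
        findings.append(("enable-password-shadowed-by-secret", "global"))
    for places in used_at.values():
        if len(places) > 1:          # report where it is reused, never the value
            findings.append(("password-reuse", ", ".join(places)))
    return findings


if __name__ == "__main__":
    for finding, where in audit(SAMPLE_CONFIG):
        print(f"{finding:36} {where}")
```

The audit cannot compare a clear-text password with the type 5 enable secret without hashing it, so reuse between those two is left to the warning IOS itself prints in Example 4-14.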

Look at the shaded IPX routing line. There is a number after it that you did not configure. If you
were to issue the show ipx interface ethernet 0 command, you would see the IPX address as
516.0000.0c8d.6705. Because you did not specify the optional node parameter when you
configured IPX routing, the router configured it for you. It borrowed the first available Ethernet
MAC address for this purpose. Duplication is not a problem here because the external network
number (wire number) differs for each link. Because Novell uses a MAC address for the node,
you must either configure it or accept the default for your serial interfaces. Although you may
not see the relevance of configuring your own node address for the serial links now, it is best
practice to do so (as you will experiment with in the Trouble Tickets). Compare the IPX network
numbers in the configuration against Figure 4-1 to see that the leading 0s are suppressed.
Notice also that r1 is still configured as a TFTP server for the IOS image. Now configure r2 per
Figure 4-1 as in Example 4-16.


NOTE

Because you are familiar with hostnames, passwords, logging synchronous, and such, I
am only showing the IPX global and interface configurations for the rest of the routers.
Assume a bandwidth of 64 kbps and clock rate of 64000 unless specifically mentioned
to be something else.


Example 4-16. r2 IPX Configuration


r2(config)#ipx routing
r2(config)#interface ethernet 0
r2(config-if)#description r2e0 to r1e1
r2(config-if)#ipx network 532
r2(config-if)#no ip address
r2(config-if)#no shut
r2(config-if)#interface serial 1
r2(config-if)#description r2s1 to r3s0/2
r2(config-if)#ipx network 548
r2(config-if)#no ip address
r2(config-if)#bandwidth 64
r2(config-if)#no shut
r2(config-if)#interface serial 0
r2(config-if)#description r2s0 to r3s0/1
r2(config-if)#ipx network 564
r2(config-if)#no ip address
r2(config-if)#bandwidth 64
r2(config-if)#no shut
r2(config-if)#end
r2#copy running-config startup-config


Now configure r3 per Figure 4-1 as in Example 4-17. 


Example 4-17. r3 IPX Configuration


r3(config-line)#ipx routing
r3(config)#interface serial 0/0
r3(config-if)#description r3s0/0 to r1s1
r3(config-if)#ipx network 580
r3(config-if)#no ip address
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#no shut
r3(config-if)#interface serial 0/1
r3(config-if)#description r3s0/1 to r2s0
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ipx network 564
r3(config-if)#no ip address
r3(config-if)#no shut
r3(config-if)#interface serial 0/2
r3(config-if)#description r3s0/2 to r2s1
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ipx network 548
r3(config-if)#no ip address
r3(config-if)#no shut
r3(config-if)#interface serial 0/3
r3(config-if)#description r3s0/3 to r4s0/0
r3(config-if)#bandwidth 64
r3(config-if)#ipx network 1022
r3(config-if)#no ip address
r3(config-if)#no shut
r3(config-if)#interface fastethernet 2/0
r3(config-if)#description r3fa2/0 to hostc
r3(config-if)#ipx network 596
r3(config-if)#no ip address
r3(config-if)#no shut
r3(config-if)#end
r3#copy running-config startup-config


Now configure r4 per Figure 4-1 as in Example 4-18. 


Example 4-18. r4 IPX Configuration


r4(config)#ipx routing
r4(config)#interface serial 0/0
r4(config-if)#description r4s0/0 to r3s0/3
r4(config-if)#ipx network 1022
r4(config-if)#no ip address
r4(config-if)#bandwidth 64
r4(config-if)#clock rate 64000
r4(config-if)#no shut
r4(config-if)#end
r4#copy running-config startup-config


Now configure r5 per Figure 4-1 as in Example 4-19. 


Example 4-19. r5 IPX Configuration


r5(config)#ipx routing
r5(config)#interface serial 0
r5(config-if)#description r5s0 to r1s0
r5(config-if)#bandwidth 64
r5(config-if)#clock rate 64000
r5(config-if)#ipx network 1011
r5(config-if)#no ip address
r5(config-if)#no shut
r5(config-if)#end
r5#copy running-config startup-config


Now that IPX is configured on the routers in your lab, use Example 4-20 as a guide to test
routers 1 through 5. Compare the output to your IPX scenario drawing to spot any issues and to
document the network.


Example 4-20. r1 Testing


r1>show ipx interface brief
Interface    IPX Network  Encapsulation  Status  IPX State
Ethernet0    516          NOVELL-ETHER   up      [up]
Ethernet1    532          NOVELL-ETHER   up      [up]
Serial0      1011         HDLC           up      [up]
Serial1      580          HDLC           up      [up]
r1#show ipx route
Codes: C - Connected primary network,    c - Connected secondary network
       S - Static, F - Floating static, L - Local (internal), W - IPXWAN
       R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
       s - seconds, u - uses, U - Per-user static

7 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.

No default route known.

C        516 (NOVELL-ETHER),  Et0
C        532 (NOVELL-ETHER),  Et1
C        580 (HDLC),          Se1
C       1011 (HDLC),          Se0
R        548 [02/01] via      532.0000.0c38.a05d,   45s, Et1
R        564 [02/01] via      532.0000.0c38.a05d,   45s, Et1
R       1022 [07/01] via      580.00b0.6481.e300,   45s, Se1
r1#show ipx servers
r1#show protocols
Global values:
  Internet Protocol routing is enabled
  IPX routing is enabled
Ethernet0 is up, line protocol is up
  IPX address is 516.0000.0c8d.6705
Ethernet1 is up, line protocol is up
  IPX address is 532.0000.0c8d.6706
Serial0 is up, line protocol is up
  IPX address is 1011.0000.0c8d.6705
Serial1 is up, line protocol is up
  IPX address is 580.0000.0c8d.6705


The IOS commands used in Example 4-20 prove quite helpful for spotting Novell issues. You
have been using show ipx interface brief throughout this chapter to get a basic idea of the
networks, encapsulation types, and status thereof. The next command, show ipx route, is
extremely helpful. For instance, count the wires on your Figure 4-1 diagram. I count eight wires,
but only see seven networks on the router display. Looking at the show ipx route display and
my drawing helps me to determine that the missing network is 596. Router 2 is a little closer to
the destination network. Investigate whether it can see network 596 (as in Example 4-21). No
IPX servers are listed yet, and the output of show protocols is extremely helpful to inform you
that IPX routing is in fact on, but better yet, all your node addresses are in one place.
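
The comparison between the drawing and the show ipx route display can be automated once the expected networks are written down. The following is an added example, not part of the book: it parses the route table, checks the parsed entries against the "Total IPX routes" header, reports networks that are on the drawing but missing from the table, and lists routes that are not on the drawing at all. The function names are hypothetical, the sample is constructed from the r1 values in Example 4-20, and writing every expected network with a leading zero where one applies is an assumption about the drawing.

```python
import re

# The eight networks on the scenario drawing. IPX network numbers are hexadecimal,
# so "0516" on the drawing and "516" in the route table are the same network.
EXPECTED = ["0516", "0532", "0548", "0564", "0580", "0596", "1011", "1022"]

# Constructed sample: r1's table from Example 4-20, before network 596 is reachable.
R1_ROUTES = """\
Codes: C - Connected primary network,    c - Connected secondary network
       R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate

7 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.

No default route known.

C        516 (NOVELL-ETHER),  Et0
C        532 (NOVELL-ETHER),  Et1
C        580 (HDLC),          Se1
C       1011 (HDLC),          Se0
R        548 [02/01] via      532.0000.0c38.a05d,   45s, Et1
R        564 [02/01] via      532.0000.0c38.a05d,   45s, Et1
R       1022 [07/01] via      580.00b0.6481.e300,   45s, Se1
"""

# code, network, then either "(ENCAP)" for connected routes or "[ticks/hops] via <next hop>"
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z])\s+(?P<net>[0-9A-Fa-f]{1,8})\s+"
    r"(?:\((?P<encap>[\w-]+)\)|\[(?P<ticks>\d+)/(?P<hops>\d+)\]\s+via\s+(?P<via>[0-9A-Fa-f.]+)),"
    r".*?(?P<iface>\S+)$"
)


def parse_ipx_routes(text):
    """Return {network number (int): route details} from 'show ipx route' output."""
    routes, declared = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        total = re.match(r"(\d+) Total IPX routes", line)
        if total:
            declared = int(total.group(1))
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue                      # legend lines and blanks do not match
        routes[int(m["net"], 16)] = {
            "source": "connected" if m["code"] in "Cc" else "learned",
            "via": m["via"],
            "ticks": int(m["ticks"]) if m["ticks"] else None,
            "hops": int(m["hops"]) if m["hops"] else None,
            "interface": m["iface"],
        }
    if declared is not None and declared != len(routes):
        raise ValueError(f"parsed {len(routes)} routes, header says {declared}")
    return routes


def missing_networks(expected, show_ipx_route):
    """Networks on the drawing that the router has no route to, as hex strings."""
    known = parse_ipx_routes(show_ipx_route)
    wanted = {int(net, 16) for net in expected}
    return [format(net, "X") for net in sorted(wanted - set(known))]


def unexpected_networks(expected, show_ipx_route):
    """Routes in the table that are not on the drawing, with the advertising next hop."""
    known = parse_ipx_routes(show_ipx_route)
    wanted = {int(net, 16) for net in expected}
    return [(format(net, "X"), known[net]["via"]) for net in sorted(set(known) - wanted)]


if __name__ == "__main__":
    print("missing:", missing_networks(EXPECTED, R1_ROUTES))
    print("unexpected:", unexpected_networks(EXPECTED, R1_ROUTES))
```
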


Example 4-21. r2 Testing


r2#show ipx route

7 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.

No default route known.

C        532 (NOVELL-ETHER),  Et0
C        548 (HDLC),          Se1
C        564 (HDLC),          Se0
R        516 [02/01] via      532.0000.0c8d.6706,    0s, Et0
R        580 [02/01] via      532.0000.0c8d.6706,    0s, Et0
R       1011 [02/01] via      532.0000.0c8d.6706,    0s, Et0
R       1022 [07/01] via      564.00b0.6481.e300,   45s, Se0


The problem still exists, for r2 does not see any more networks than r1 does. Because the
missing network is off of r3, move your testing closer to the problem (as I do in Example 4-22).
A layered troubleshooting approach is critical here, because the real problem in my lab is a loose
cable on r3 fa2/0, which completely isolates network 596. Pull your cable or completely power
off hostc to simulate the issue. Assuming you don't have a lot of network activity, you might also
find it helpful to turn on debug ipx routing events to watch what is happening with the routing
updates.


Example 4-22. r3 Testing


r3#show interfaces fastethernet 2/0
FastEthernet2/0 is up, line protocol is down
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300)

r3#debug ipx routing ?
  activity  IPX RIP routing activity
  events    IPX RIP routing events
r3#debug ipx routing events
IPX routing events debugging is on
r3#!!!plug in the cable and/or turn hostc on
03:48:35: IPXRIP: 548 FFFFFFFF not added, entry in table is static/
connected/internal
03:48:35: IPXRIP: 564 FFFFFFFF not added, entry in table is static/
connected/internal
03:48:36: IPXRIP: positing full update to 580.ffff.ffff.ffff via
Serial0/0 (broadcast)
03:48:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0,
changed state to up
03:48:47: IPXRIP: Marking network 596 FFFFFFFF for Flash Update
03:48:47: IPXRIP: General Query src=596.00b0.6481.e300, dst=596.ffff.ffff.ffff,
packet sent (via FastEthernet2/0)
03:48:47: IPXRIP: positing flash update to 580.ffff.ffff.ffff via
Serial0/0 (broadcast)
03:48:47: IPXRIP: positing flash update to 564.ffff.ffff.ffff via
Serial0/1 (broadcast)
03:48:47: IPXRIP: positing flash update to 548.ffff.ffff.ffff via
Serial0/2 (broadcast)
03:48:47: IPXRIP: positing flash update to 1022.ffff.ffff.ffff via
Serial0/3 (broadcast)
03:48:47: IPXRIP: positing flash update to 596.ffff.ffff.ffff via
FastEthernet2/0 (broadcast)
03:48:47: IPXRIP: positing full update to 596.ffff.ffff.ffff via
FastEthernet2/0 (broadcast)
03:48:47: IPXRIP: suppressing null update to 596.ffff.ffff.ffff
(FastEthernet2/0)
03:48:47: IPXRIP: 596 FFFFFFFF not added, entry in table is static/
connected/internal
r3#undebug all
All possible debugging has been turned off
r3#show ipx route

8 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.

No default route known.

C        548 (HDLC),          Se0/2
C        564 (HDLC),          Se0/1
C        580 (HDLC),          Se0/0
C        596 (NOVELL-ETHER),  Fa2/0
C       1022 (HDLC),          Se0/3
R        516 [07/01] via      580.0000.0c8d.6705,   25s, Se0/0
R        532 [07/01] via      564.0000.0c38.a05d,   56s, Se0/1
R       1011 [07/01] via      580.0000.0c8d.6705,   25s, Se0/0
r3#


When you fixed the issue, a Flash update was immediately sent to update the routing tables. 
Network 596 now displays, so continue testing and troubleshooting r4 and r5. 


All eight networks are present in r1 through r5, but when did you turn on RIP? Actually you
never turned on IPX RIP; it is enabled automatically with IPX. This was definitely not the case in
Chapter 3 with IP RIP.


This is a great time to further document your scenario drawing. As you can tell from the previous
examples, show protocols is great for address documentation. I often log this type of data to a
log file with SecureCRT. I just choose Log Session from the File menu, turn it off when I have
captured the appropriate data, and rename the SecureCRT session file. Alternatively, you can
use the HyperTerm Transfer menu to capture text. For more IPX-related commands and
information, familiarize yourself with show tech-support in an IPX environment (as I do in
Example 4-23). Because you are familiar with many of the individual commands, much of the
output is omitted.


Example 4-23. show tech-support in an IPX Environment


r1#show tech-support
show version
show running-config
show controllers
show stacks
show interfaces
show region
show process memory
show process cpu
show buffers


Now that this chapter's IPX lab scenario is configured from the router point of view, turn your
attention to the following section, "Protocols and Packets." It starts with a layered approach to
the Novell NOS to review IPX concepts, symptoms, problems, and action plans. There are more
walk-through scenarios and practical Trouble Tickets for you to explore, because, after all, you
learn more by doing; besides you need to configure your Novell server and clients. For those
who do not have equipment handy or the desire to work with Novell anymore, I will continue to
include many relevant figures and examples so that you, too, can shoot trouble with IPX.
However, you will find that I am a firm believer in letting routers route and servers serve.


Protocols and Packets 


Applying what you have learned to real-world troubleshooting is important for the successful 
support person. Starting with Table 4-3, I compare some of the protocols, applications, and 
utilities at each layer of Novell's IPX/SPX stack to the TCP/IP suite to assist you with supporting 
day-to-day internetworks. 


Table 4-3. Novell Protocols, Applications, and Utilities 


Layer | ISO's OSI Model | DoD TCP/IP Suite | Novell IPX/SPX Stack 
7 | Application | Application | Applications, NetBIOS, NCP[*], SAP[*], RIP, NLSP[*] 
6 | Presentation | | 
5 | Session | | 
4 | Transport | Transport (Host-to-Host) | SPX 
3 | Network | Internet | IPX 
2 | Data Link | Data Link | Various LAN/WAN technologies such as Ethernet, Token Ring, FDDI, Frame Relay, HDLC, PPP 
1 | Physical | Physical | 

[*] NCP = NetWare Core Protocol 

[*] SAP = Service Advertisement Protocol 

[*] NLSP = NetWare Link State (Services) Protocol 


Networks today are predominantly IP, but IPX still exists. NetWare 5 and 6 run native IP, but 
earlier Novell networks used Novell's own flavor of IP. Internetwork Packet Exchange (IPX), like 
IP, is a connectionless datagram delivery routed protocol that encompasses the upper five layers 
of the OSI model. IPX relies on its counterpart Sequenced Packet Exchange (SPX) for reliability 
just as IP relies on TCP or an upper-layer application. At Layer 2, IPX supports media such as 
Ethernet, Token Ring, FDDI, Frame Relay, HDLC, and PPP. However, the main IPX 
troubleshooting target at Layer 2 is encapsulation. 


NOTE 


With NetWare, the client configuration is intentionally very simple. If the client gets the 
frame type (encapsulation) correct, it will likely work. 


Frame Types 
Encapsulation, frame format, frame type: they all mean the same thing, which is packaging the 
upper-layer data, voice, or video into a Layer 2 frame. Compare the IPX and IP framing 
examples in Figure 4-5. 

Figure 4-5. IP/IPX Encapsulation 

[Figure: an Ethernet II frame carrying an IP packet and a TCP segment, beside an Ethernet 802.3 
frame carrying an IPX packet and an SPX segment.] 


Frame types are not just another table to memorize to take a Cisco test. They are real 
troubleshooting targets regardless of the upper-layer protocols. For instance, machines running 
only Ethernet_II cannot see machines running only Ethernet_802.3 and vice versa. On the Cisco 
side, subinterfaces and secondary addresses support multiple frame types, and on the Novell 
server side you can bind multiple frame types to the NIC or use multiple NICs. Be aware, 
however, that running multiple frame types affects network speed and performance. Routers 
assist with multiple frame types by stripping the Layer 2 package and repackaging it according 
to the destination network address. 


Although frame formats are covered more thoroughly in Chapter 5, "Shooting Trouble with 
Ethernet," they are covered briefly here because you must at least be familiar with them to 
support the Novell environment. Review them in Table 4-4. 


Table 4-4. Frame Formats 


| 802.3 | IPX | 

• 802.3 RAW is Novell's 802.3 for IPX over Ethernet. 
• Uses 802.3 length field but not 802.2 LLC (SAPs). 
• First 2 bytes in data field are set to FFFF. 

| 802.3 | 802.2 LLC | IPX | 

• 802.2 is IEEE's 802.3 for IPX over Ethernet (and other Layer 2 technologies). 
• IPX uses DSAP and SSAP of E0. (SAP is the Layer 2 pointer to the Layer 3 protocol.) 
• Uses length field. 

| 802.3 | 802.2 LLC SNAP | IPX | 

• SNAP has 802.3, 802.2 SAP, and SNAP headers. 
• Uses length field. 
• DSAP and SSAP are AA in the LLC header. 

| Ethernet II | IPX | 

• Ethernet II is Digital Intel Xerox (DIX) Ethernet. 
• IPX uses an EtherType field of 8137/8138. (EtherType is the pointer from Layer 2 to the 
  Layer 3 protocol.) 


NOTE 


Unfortunately many acronyms are re-used in the industry. 802.2 LLC SAPs are service 
access points or pointers to the Layer 3 protocol. They have nothing to do with the 
Novell Service Advertisement Protocol (SAP). 


The default frame type on Novell servers varies from NetWare version to NetWare version. In the 
next chapter, you will use your protocol analyzer to analyze the frame types in more detail, but 
for now use the following NetWare version list as a guide: 


• Ethernet_II is the default for NetWare 5.x and 6.x for Ethernet links. 
• HDLC is the default for serial links. 
• Ethernet_802.3 is the default for NetWare 3.11 and prior for Ethernet links. 
• Ethernet_802.2 is the default for NetWare 3.12 through 4.x for Ethernet links. 
• SNAP is the default for Token Ring and FDDI. 


NOTE 


In a TCP/IP Ethernet environment, Cisco defaults to ARPA, whereas in a Novell IPX 
network, Cisco defaults to Novell-Ether. In either case, serial links default to HDLC 
encapsulation. However, Cisco has never changed their default IPX frame type. If 
NetWare is using IP, there is no IPX, so there is no issue with IPX frame types. Hence, 
there is some validity to dropping the X in IPX, and things work just fine. 


Table 4-5 illustrates the Cisco names and Novell names for the various frame types. This is not 
only critical CCNA/CCNP material but information you need to configure IPX on Cisco routers in 
the real world. 

Table 4-5. Cisco Encapsulation/Novell Frame Type Examples 

Cisco Encapsulation | Novell Frame Type | Description | Novell Version Default 
ARPA (Default for IP Ethernet) | Ethernet_II | EtherType pointer to Layer 3 | NetWare 6.x, NetWare 5.x 
SAP | Ethernet_802.2 | Length field; 802.2 LLC SAP pointer to Layer 3 | NetWare 3.12 through NetWare 4.x 
Novell-Ether (Default for IPX Ethernet) | Ethernet_802.3 | Length field | NetWare 3.11 and below 
SNAP | Ethernet_SNAP | Length field; 802.2 LLC SAP; SNAP header | SNAP default for Token Ring and FDDI 
HDLC | HDLC | Serial links | All versions for serial links 
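The frame-type rules in Tables 4-4 and 4-5, written out as an added Python example (not code from the book): it classifies a captured Ethernet frame into one of the four IPX encapsulations and lists the stations whose frame type differs from the router interface. The sample frames are constructed; the r1 and gwise MAC addresses come from this scenario, the client address is made up, and the SNAP check assumes the standard 3-byte OUI plus 2-byte type layout.

```python
import struct

# (Novell frame type, Cisco encapsulation) name pairs from Tables 4-4 and 4-5.
ETHERNET_II = ("Ethernet_II", "ARPA")
ETHERNET_802_3 = ("Ethernet_802.3", "Novell-Ether")
ETHERNET_802_2 = ("Ethernet_802.2", "SAP")
ETHERNET_SNAP = ("Ethernet_SNAP", "SNAP")

IPX_ETHERTYPES = {0x8137, 0x8138}  # EtherType values the text gives for IPX
MIN_ETHERTYPE = 0x0600             # 1536 and above is an EtherType
MAX_8023_LENGTH = 1500             # 1500 and below is an 802.3 length


def classify_ipx_frame(frame):
    """Return (novell_name, cisco_name) for an IPX frame, or None otherwise."""
    if len(frame) < 17:            # MAC header (14) plus the 3 bytes inspected below
        return None
    (type_or_length,) = struct.unpack_from("!H", frame, 12)
    data = frame[14:]
    if type_or_length >= MIN_ETHERTYPE:
        return ETHERNET_II if type_or_length in IPX_ETHERTYPES else None
    if type_or_length > MAX_8023_LENGTH:
        return None                # 1501-1535 is neither a length nor a type
    if data[:2] == b"\xff\xff":    # raw 802.3: IPX checksum FFFF follows the length
        return ETHERNET_802_3
    dsap, ssap = data[0], data[1]
    if dsap == 0xE0 and ssap == 0xE0:
        return ETHERNET_802_2
    if dsap == 0xAA and ssap == 0xAA and len(data) >= 8:
        # Assumed SNAP layout: control (1 byte), OUI (3 bytes), protocol type (2 bytes).
        (snap_type,) = struct.unpack_from("!H", data, 6)
        if snap_type in IPX_ETHERTYPES:
            return ETHERNET_SNAP
    return None


def find_mismatches(frames, interface_encapsulation):
    """Map source MAC -> Novell frame type for IPX frames the interface will not understand."""
    mismatches = {}
    for frame in frames:
        kind = classify_ipx_frame(frame)
        if kind is not None and kind[1] != interface_encapsulation:
            mismatches[frame[6:12].hex()] = kind[0]
    return mismatches


def build_frame(novell_name, source_mac):
    """Build a constructed broadcast frame carrying an empty 30-byte IPX header."""
    ipx = b"\xff\xff" + struct.pack("!H", 30) + bytes(26)
    addresses = b"\xff" * 6 + bytes.fromhex(source_mac)
    if novell_name == "Ethernet_II":
        return addresses + struct.pack("!H", 0x8137) + ipx
    llc = {"Ethernet_802.3": b"",
           "Ethernet_802.2": b"\xe0\xe0\x03",
           "Ethernet_SNAP": b"\xaa\xaa\x03\x00\x00\x00\x81\x37"}[novell_name]
    return addresses + struct.pack("!H", len(llc) + len(ipx)) + llc + ipx


R1_MAC = "00000c8d6705"       # r1 Ethernet 0 in this scenario
GWISE_MAC = "008029e85c6b"    # gwise NE2000 board in this scenario
CLIENT_MAC = "020000000001"   # made-up client address

# Constructed capture: gwise has both 802.3 and 802.2 bound, the client runs Ethernet_II only.
SAMPLE_FRAMES = [
    build_frame("Ethernet_802.3", R1_MAC),
    build_frame("Ethernet_802.3", GWISE_MAC),
    build_frame("Ethernet_802.2", GWISE_MAC),
    build_frame("Ethernet_II", CLIENT_MAC),
]

if __name__ == "__main__":
    for mac, frame_type in find_mismatches(SAMPLE_FRAMES, "Novell-Ether").items():
        print("%s sends %s frames; interface expects Novell-Ether" % (mac, frame_type))
```
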


Now is a good time to bring a Novell server online or to investigate my scenario so that you can 
witness a practical example of framing issues. My Novell server is a 4.11 box that is also serving 
as a GroupWise mail server. However, my Novell server, named gwise, is beeping pretty loud and 
quite often right now. Example 4-24 displays the server output that is occurring about every 60 
seconds. 


Example 4-24. Bringing the Novell NetWare 4.11 Box Online 


4-01-02 6:26:36pm: IPXRTR-6.50-2 
RIP router configuration error detected. 
Node 00000C8D6705 claims network address 8DA0A850 should be 00000516. 


What is wrong? You can press Ctrl+Esc to see the current screens on the Novell server and type 
help at the NetWare console (GWISE: server prompt) for hints and help with Novell commands. 


From the server console, I issued the load monitor command to look at the Available Options 
menu and found the LAN/WAN information to be quite useful. Example 4-25 displays the 
information I gleaned from the Novell monitor. 


Example 4-25. load monitor Displays the Bindings 


NE2000_1_E82 [NE2000 port=300 int=A frame=ETHERNET_802.2] 
NE2000_1_E83 [NE2000 port=300 int=A frame=ETHERNET_802.3] 
NE2000_1_EII [NE2000 port=300 int=A frame=ETHERNET_II] 


Pressing Enter on each of the bindings in the preceding example yields the following information: 


• 802.2 binding: 
  Node address 008029E85C6B 
  IPX network address 8A4A85A5 
• 802.3 binding: 
  Node address 008029E85C6B 
  IPX network address 8DA0A850 
• Ethernet II binding: 
  Node address 008029E85C6B 
  Address Resolution Protocol (ARP) and IP protocols 


The NetWare display networks command shows the following networks: 346648E2, 8A4A85A5, 
and 8DA0A850. 346648E2 is the IPX internal network number for the server, which always has a 
node address of 000000000001. The others are IPX external numbers that are bound to the NIC. 
8A4A85A5 is for frame type 802.2, and 8DA0A850 is for frame type 802.3. Look back at the 
original problem and note that the server is saying that 8DA0A850, the 802.3 network, should 
be 516. Refer back to Figure 4-1 to confirm the whereabouts of IPX network 516 to determine 
the issue. 


NOTE 


The exact error message is often helpful when trying to find the problem. This one 
happens to be: "RIP router configuration error detected. Node 00000C8D6705 claims 
network address 8DA0A850 should be 00000516." 


Next I typed load edit to bring up the Novell autoexec.ncf file, but my parameters were 
transferred to a netinfo.cfg file by the inetcfg NLM. So I typed load inetcfg to configure the 
correct network for frame type 802.3. Remember the default frame type for NetWare 4.x is 
Novell 802.2 or Cisco SAP, which is the issue here. From the inetcfg menu, I picked 
Internetworking Configuration and then the Bindings submenu to change the 8DA0A850 network 
to 516. For the commands to take effect, I had to type the reinitialize system command. 


You can do the same thing in multiple ways. For example, instead of using the menus as I did, 
you could do everything from the Novell server console prompt, where you would have to issue 
the unbind command first and then bind. In addition, instead of downing and exiting the 
console, you certainly could issue the down command and then restart server, or down, then 
exit, and then server. Example 4-26 illustrates loading drivers and binding IPX to the NIC at 
the console. 


Example 4-26. Loading Drivers and Binding IPX to the NIC at the Console 


LOAD NE2000 NAME=NE2000_1_E83 FRAME=ETHERNET_802.3 INT=A PORT=300 


BIND IPX NE2000_1_E83 NET=516 


NOTE 

Whether from the command line or inetcfg, these commands prove quite helpful in a 
Cisco/Novell support environment; after all, incorrect frame types are a common issue 
between Novell and Cisco devices. Multiple frame types are supported in Novell and 
Cisco, although this is not a best practice. On Cisco devices, the preferred method is to 
configure subinterfaces, but secondary addresses still work too. 


That did it. You fixed the beep and can see the following networks, including the tick/hop count, 
with display networks at the server console: 

• 516 0/1 
• 532 1/2 
• 548 2/3 
• 564 2/3 
• 580 2/3 
• 596 2/8 
• 1011 1/2 
• 1022 2/8 
• 346648E2 0/1 (internal IPX number) 
• 8A4A85A5 0/1 


NOTE 


Ticks/hops and the network numbers are explained in the section "Internet Layer 
Protocols, Applications, and Utilities" later in this chapter. 


NOTE 


The Cisco equivalent command to Novell's display networks is show ipx route. 
Remember that as with other protocols, all routes can be cleared to force convergence 
with clear ipx route *, but clearing an individual route is preferable and therefore not 
as much of a career-limiting move (CLM) in the practical environment. 


The Novell config console command is great for getting a quick display of the hardware settings, 
node address, frame type, board name, and bindings for documentation or for setting up filters. 
Use it to check your work on the server (see Figure 4-6). 


Figure 4-6. Novell Config 


[Figure: RCONSOLE.EXE screen capture of the config command output on the Gwise server. It 
shows IPX internal network number 346648E2 and the Novell NE2000 boards, including board 
NE2000_1_E83 with frame type ETHERNET_802.3 bound to IPX network 00000516.] 


NOTE 


I am recommending you update your drawing at this point. However, I am assuming 
that you have realized the importance of documentation and have been doing so all 
along. I will continue without too many reminders in this area. 


NOTE 


It is a good practice to always specify encapsulation when you configure Novell 
interfaces on Cisco routers. Whether the default or not, this will make you conscious of 
the correct encapsulation type. Besides, this is a good item to document. 


Next you should configure at least one IPX host to prepare for the rest of the chapter. Using the 
Network Properties sheet, configure hostb for IPX as the default protocol using the Microsoft 
Client for NetWare as the primary logon with auto frame-type detection. Follow these steps for 
the Windows 98 hostb client. Other Microsoft client configurations are very similar. If you prefer 
to use the Novell clients, go to Novell's website for specific instructions. 


Step 1. Go to Start > Settings > Control Panel and choose Network or just right-click 
Network Neighborhood to get to Properties. 


Step 2. Add the Microsoft Client for NetWare and select it as the Primary Network Logon. 


Step 3. Add the Microsoft protocol IPX/SPX (or NWLink). Enable NetBIOS support in the 
Properties sheet and review the other tabs. On the Advanced tab, locate where you adjust 
the frame type so that you are familiar with it. Also put a check in the box for IPX to be the 
default protocol. It is not necessary to run TCP/IP on the client at all for this chapter. 


Step 4. Make sure the Novell server is up and running before you reboot the client. Reboot 
the client and log in with the Administrator account and password for your Novell server. 


Step 5. Right-click Network Neighborhood and edit the Microsoft Client for NetWare. 
Choose the preferred server name for your lab from the drop-down list. For example, mine 
is gwise. 


NOTE 


Many workstations send out Get Nearest Server (GNS) requests in a specific order, 
such as 802.3, 802.2, Ethernet_II, and SNAP. To stop a workstation from attaching 
itself to a server with the wrong frame type, manually set the correct frame type under 
the IPX properties. Depending on the client, you can check this information using 
ipxroute config at the command prompt. 


Internet Layer Protocols, Applications, and Utilities 


The Novell IPX suite of protocols includes not only IPX and SPX but also many upper-layer 
applications and utilities for file, print, messaging, database, and other common practical 
services. You confirmed this when you enabled IPX routing, because it automatically enabled IPX 
RIP as the routing protocol by default. 


IPX uses RIP and SAP broadcasts to build a table of routes and a table of services. Just as with 
an IP packet, routing decisions must be made for an IPX packet based on the destination 
network. 


Your first task in this subsection is to turn on debug ipx packet and ping the Novell server 
internal IPX number from r1 using the address from the Novell console config command (as in 
Example 4-27). Next ping a few router interfaces. Why can you ping the router interfaces but not 
the Novell server? Capture this activity to a Sniffer file and save it as chapter 4 ping fails from r1 
to novell server sniffer capture. 


Example 4-27. Ping IPX Fails from R1 to Novell Server 


r1#debug ipx packet 
IPX packet debugging is on 
r1#ping 
Protocol [ip]: ipx 
Target IPX address: 346648e2.0000.0000.0001 
Repeat count [5]: 
Datagram size [100]: 
Timeout in seconds [2]: 
Verbose [n]: 
Type escape sequence to abort. 
Sending 5, 100-byte IPX cisco Echoes to 346648E2.0000.0000.0001, 
timeout is 2 seconds: 
01:28:39: IPX: local:516.0000.0c8d.6705->346648E2.0000.0000.0001 
 ln=100 tc=00 pt=01 ds=0002 ss=0002, gw=Et0:516.0080.29e8.5c6b. 
01:28:41: IPX: local:516.0000.0c8d.6705->346648E2.0000.0000.0001 
 ln=100 tc=00 pt=01 ds=0002 ss=0002, gw=Et0:516.0080.29e8.5c6b. 
01:28:43: IPX: local:516.0000.0c8d.6705->346648E2.0000.0000.0001 
 ln=100 tc=00 pt=01 ds=0002 ss=0002, gw=Et0:516.0080.29e8.5c6b. 
01:28:45: IPX: local:516.0000.0c8d.6705->346648E2.0000.0000.0001 
 ln=100 tc=00 pt=01 ds=0002 ss=0002, gw=Et0:516.0080.29e8.5c6b. 
01:28:47: IPX: local:516.0000.0c8d.6705->346648E2.0000.0000.0001 
 ln=100 tc=00 pt=01 ds=0002 ss=0002, gw=Et0:516.0080.29e8.5c6b 
01:28:47: IPX: Se1:580.00b0.6481.¢e300->580.ffff.ffff.ffff ln= 72 
 tc=00 pt=01 ds=0453 ss=0453, rcvd 
01:28:47: IPX: Se1:580.00b0.6481.¢e300->580.ffff.ffff.ffff ln= 72 
 tc=00 pt=01 ds=0453 ss=0453, local. 
Success rate is 0 percent (0/5) 
r1#show ipx interface ethernet 1 
Ethernet1 is up, line protocol is up 
 IPX address is 532.0000.0c8d.6706, NOVELL-ETHER [up] 
 Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 
r1#ping ipx 532.0000.0c8d.6706 
01:29:20: IPX: Et0:516.0080.29e8.5c6b->516.ffff.ffff.ffff ln= 40 tc=00 
 pt=01 ds=0453 ss=0453, rcvd 
01:29:20: IPX: Et0:516.0080.29e8.5c6b->516.ffff.ffff.ffff ln= 40 tc=00 
 pt=01 ds=0453 ss=0453, local0c38.a05d 
Type escape sequence to abort. 
Sending 5, 100-byte IPX cisco Echoes to 532.0000.0c38.a05d, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms 
r1# 
01:29:26: IPX: local:532.0000.0c8d.6706->532.0000.0c38.a05d ln=100 tc=00 
 pt=01 ds=0002 ss=0002, gw=Et1:532.0000.0c38.a05d 
01:29:26: IPX: Et1:532.0000.0c38.a05d->532.0000.0c8d.6706 ln=100 tc=00 
 pt=02 ds=0002 ss=0002, rcvd 
01:29:26: IPX: Et1:532.0000.0c38.a05d->532.0000.0c8d.6706 ln=100 tc=00 
 pt=02 ds=0002 ss=0002, local 
01:29:26: IPX: local:532.0000.0c8d.6706->532.0000.0c38.a05d ln=100 tc=00 
 pt=01 ds=0002 ss=0002, gw=Et1:532.0000.0c38.a05d 
01:29:26: IPX: Et1:532.0000.0c38.a05d->532.0000.0c8d.6706 ln=100 tc=00 
 pt=02 ds=0002 ss=0002, rcvd 
r2#show ipx interface serial 0 
Serial0 is up, line protocol is up 
 IPX address is 564.0000.0c38.a05d [up] 
r2#ping ipx 564.0000.0c38.a05d 
Type escape sequence to abort. 
Sending 5, 100-byte IPX cisco Echoes to 564.0000.0c38.a05d, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/64 ms 
r1#undebug all 
All possible debugging has been turned off 


NOTE 
In the previous examples you looked at the interfaces to gather the IPX address to 
ping. Don't forget that show cdp neighbors detail gives that information for remote 
devices too. Just like with IP, it is helpful to test local and remote communications. Use 
the CDP method to locate the r2e0 address to ping test it. 


A simple ping is the most basic testing tool with IPX, too, for checking whether packets make it 
to the destination. In IPX, however, the address is a little more difficult to type because you 
need the network number followed by the node address (MAC address). The default ping is a 
Cisco ping, which uses IPX protocol number 2 (as you can verify in the shaded output of the 
preceding example). The IPX official ping uses socket number 0x9086. Cisco ping works fine for 
your Cisco devices, but your IPX devices do not understand its proprietary nature. It is good 
practice to change the IPX ping type using the ipx ping-default novell global configuration 
command on your routers. Fix the IPX ping problem and verify as in Example 4-28. Change the 
ping type to Novell on r1 through r5 and save your configurations. Capture the results with a 
protocol analyzer to a file named chapter 4 ping fix from r1 to novell server sniffer capture. 


Example 4-28. Ping IPX Fix from r1 to Novell Server 


r1(config)#ipx ping-default ? 
  cisco       use cisco echoes for IPX ping 
  diagnostic  use Diagnostic Request/Response for IPX ping 
  novell      use Novell Standard echoes for IPX ping 
r1(config)#ipx ping-default novell 
r1(config)#end 
r1#copy running-config startup-config 
r1#ping ipx 346648e2.0.0.1 
Type escape sequence to abort. 
Sending 5, 100-byte IPX Novell Echoes to 346648E2.0000.0000.0001, 
timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms 
r1#debug ipx packet 
IPX packet debugging is on 
01:42:05: IPX: Et1:532.0000.0c38.a05d->532.ffff.ffff.ffff ln= 64 tc=00 
 pt=01 ds=0453 ss=0453, rcvd 
01:42:05: IPX: Et1:532.0000.0c38.a05d->532.ffff.ffff.ffff ln= 64 tc=00 
r1#ping ipx 346648e2.0.0.1 
Type escape sequence to abort. 
Sending 5, 100-byte IPX Novell Echoes to 346648E2.0000.0000.0001, 
timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms 
r1# 
01:42:16: IPX: local:516.0000.0c8d.6705->346648E2.0000.0000.0001 ln=100 
 tc=00 pt=04 ds=9086 ss=9086, gw=Et0:516.0080.29e8.5c6b 
01:42:16: IPX: Et0:346648E2.0000.0000.0001->516.0000.0c8d.6705 ln=100 
 tc=01 pt=04 ds=9086 ss=9086, rcvd 
01:42:16: IPX: Et0:346648E2.0000.0000.0001->516.0000.0c8d.6705 ln=100 
 tc=01 pt=04 ds=9086 ss=9086, local 
01:42:16: IPX: local:516.0000.0c8d.6705->346648E2.0000.0000.0001 ln=100 
 tc=00 pt=04 ds=9086 ss=9086, gw=Et0:516.0080.29e8.5c6b 
r1#undebug all 
All possible debugging has been turned off 


The Cisco debug ipx packet command is quite helpful in this instance. Notice that when you 
change the ping type to Novell, socket 0x9086 is used, whereas previously it was protocol 
number 2. The 452s and 453s shown are for SAP and RIP sockets. Later you may notice 455 for 
NetBIOS. Also compare the Example 4-28 Novell IPX echoes to the Example 4-27 Cisco IPX echoes. 
You can also load ipxping at the Novell server console and test things from that direction if you 
desire. 


NOTE 


The debug ipx packet command was helpful in finding the source of this problem, but 
debug packet anything is not the best choice in a production environment. Actually, 
not all Novell hosts respond to a ping, and in the real world you might have to resort to 
pinging a router interface and using other upper-layer testing methods for the host. 
Problems such as these are mind teasers at times and often frustrating. If all else fails 
with your structured layered methodology, remember to ask someone for help or get a 
good night's sleep on it. 


Compare the output of the debug and Sniffer captures for the ping portion only. Figure 4-7 and 
Figure 4-8 help you locate the protocol and socket information in Sniffer. 


Figure 4-7. Cisco Ping and IPX Protocol 2 

Figure 4-8. IPX Ping and Socket 0x9086 

Table 4-6 lists the fields of the IPX header (packet or datagram). Use the Sniffer capture of the 
IPX ping file from the preceding example to view the fields as in Figure 4-9. 


Figure 4-9. Analyzing the IPX Header 

Table 4-6. The IPX Header (Packet or Datagram) 


Field | Bits | Description 
Checksum | 16 bits | Not used when set to all 1s (FFFF). 
Packet Length | 16 bits | Number of bytes up to the MTU[*] size. No fragmentation. 
Transport Control | 8 bits | Shows routers the packet has transited. The limit is 16. 
Packet Type | 8 bits | Link to next layer (like IP protocol number). Examples include 0-unknown, 1-RIP, 5-SPX, and 17-NCP. 
Destination Network | 32 bits | External (wire) network number. 
Destination Node | 48 bits | MAC address. 
Destination Socket | 16 bits | See source socket. 
Source Network | 32 bits | External (wire) network. 
Source Node | 48 bits | MAC address. 
Source Socket | 16 bits | Pointer to upper layers (like a TCP/UDP port number). Examples include 0451-NCP, 0452-SAP, 0453-RIP, 0455-NetBIOS, and 0456-Diagnostics. 4000-6000 are ephemeral sockets for server and network communications. 
Upper Layer Data | Varies | Information for upper-layer processes. 


[*] MTU = Maximum Transmission Unit 


NOTE 


The first 2 bytes of the IPX header are a 2-byte checksum. It is calculated in 1's 
complement binary, not 2's complement, so FFFF = minus 0 has the reserved meaning 
of "no checksum performed." 


The checksum is not used when set to all FFFFs. The length of the selected packet is 88 bytes; 
remember IPX does not fragment packets like IP. The transport control shows that 0 routers 
have been transited. Note that IPX time-to-live (TTL) counts up to a maximum of 16. In the IP 
header, TTL is initialized to a maximum of 255 and decremented to 0. The packet type is 1, 
which is how IPX links to the next layer. Sniffer is friendly enough to display packet type 1 as 
RIP rather than make you look up the data. Other sample protocol numbers you can expect to 
see here include the following: 


• SPX: 5 
• NCP: 17 
• SAP: 4 
• IPX RIP: 1 
• NetBIOS: 20 
• Any: 0 


The destination network.node is 516.FFFFFFFFFFFF, which is the directed broadcast for network 
516. The source network.node is 516.00000c8d6705 for r1, which is the same as the source MAC 
from the Data Link Layer. The source and destination socket numbers are 453, which is the 
socket for RIP to link to the RIP header. Now review the IPX RIP packet in the Sniffer output in 
Figure 4-10. Compare it to Table 4-7. 


Figure 4-10. Analyzing the IPX RIP Header 


[Figure: Sniffer decode of the ping capture with Frame 22 selected. The IPX header shows packet 
type RIP with destination network.node 516.FFFFFFFFFFFF and socket 453 (NetWare Routing), 
followed by the Novell Routing Information Protocol (RIP) header with operation 2 (response) 
and the object network, hop count, and number of ticks for each route.] 


Table 4-7. The IPX RIP Packet 


Field | Description 
Operation | 1 RIP request; 2 RIP response 
Network number | Specified external IPX number 
Number of hops | Routers passed through 
Number of ticks | Time to reach network (about 1/18 of a second); 1 tick for LAN; 6 ticks for WAN 
SAP packet | See Table 4-8 


Figure 4-10 illustrates Frame 22 of the previous ping file. The RIP header displays operation 2, 
which is a RIP response about various IPX external network numbers (wire IDs), including 548. 
The hop count is 2, which means passing through two routers, and the tick count is 3, which is 
how long it took, which in this case was about 3/18 of a second. Review Table 4-8 and 
Figure 4-11 to get more familiar with the IPX RIP SAP packet. 
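As an added example (not from the book), the following Python parser walks the IPX header in the field order of Table 4-6 and then the RIP entries of Table 4-7. The 2-byte operation and the 4/2/2-byte network, hops, and ticks widths are assumed from the standard IPX RIP layout, which the tables do not spell out; the sample packet is constructed from this scenario's addresses.

```python
import struct

# Field order and widths follow Table 4-6: checksum, length, transport control,
# packet type, then destination and source network/node/socket (30 bytes in all).
IPX_HEADER = struct.Struct("!HHBBI6sHI6sH")
RIP_ENTRY = struct.Struct("!IHH")   # network, hops, ticks (assumed 4/2/2-byte widths)
# Packet types and sockets as listed in the text around Table 4-6.
PACKET_TYPES = {0: "Any", 1: "RIP", 4: "SAP", 5: "SPX", 17: "NCP", 20: "NetBIOS"}
SOCKETS = {0x0451: "NCP", 0x0452: "SAP", 0x0453: "RIP", 0x0455: "NetBIOS",
           0x0456: "Diagnostics", 0x9086: "IPX ping"}
RIP_OPERATIONS = {1: "request", 2: "response"}
MAX_TRANSPORT_CONTROL = 16          # "The limit is 16" in Table 4-6


def format_address(network, node):
    """Render network.node the way IOS prints it, e.g. 516.0000.0c8d.6705."""
    digits = node.hex()
    return "%X.%s.%s.%s" % (network, digits[0:4], digits[4:8], digits[8:12])


def parse_ipx(packet):
    """Decode the IPX header and return its fields plus the upper-layer data."""
    if len(packet) < IPX_HEADER.size:
        raise ValueError("shorter than the 30-byte IPX header")
    (checksum, length, control, packet_type, dst_net, dst_node, dst_socket,
     src_net, src_node, src_socket) = IPX_HEADER.unpack_from(packet)
    if not IPX_HEADER.size <= length <= len(packet):
        raise ValueError("length field %d does not fit the captured data" % length)
    if control > MAX_TRANSPORT_CONTROL:
        raise ValueError("transport control %d is above the limit" % control)
    return {
        "checksum_used": checksum != 0xFFFF,
        "length": length,
        "routers_transited": control,
        "packet_type": PACKET_TYPES.get(packet_type, "type %d" % packet_type),
        "destination": format_address(dst_net, dst_node),
        "destination_socket": SOCKETS.get(dst_socket, "%04X" % dst_socket),
        "source": format_address(src_net, src_node),
        "source_socket": SOCKETS.get(src_socket, "%04X" % src_socket),
        # The length field, not the capture size, bounds the data (drops padding).
        "data": packet[IPX_HEADER.size:length],
    }


def parse_rip(data):
    """Decode an IPX RIP payload into its operation and route entries."""
    if len(data) < 2 or (len(data) - 2) % RIP_ENTRY.size:
        raise ValueError("RIP data is not an operation plus whole 8-byte entries")
    (operation,) = struct.unpack_from("!H", data)
    routes = [{"network": "%X" % network, "hops": hops, "ticks": ticks,
               "seconds": round(ticks / 18, 2)}   # a tick is about 1/18 second
              for network, hops, ticks in RIP_ENTRY.iter_unpack(data[2:])]
    return {"operation": RIP_OPERATIONS.get(operation, "operation %d" % operation),
            "routes": routes}


def build_sample_rip_broadcast():
    """Constructed packet: a RIP response broadcast by r1 on network 516."""
    rip = struct.pack("!H", 2) + RIP_ENTRY.pack(0x548, 2, 3) + RIP_ENTRY.pack(0x564, 1, 2)
    header = IPX_HEADER.pack(0xFFFF, IPX_HEADER.size + len(rip), 0, 1,
                             0x516, b"\xff" * 6, 0x0453,
                             0x516, bytes.fromhex("00000c8d6705"), 0x0453)
    return header + rip + b"\x00" * 4   # trailing frame padding outside the IPX length


if __name__ == "__main__":
    ipx = parse_ipx(build_sample_rip_broadcast())
    print(ipx["source"], "->", ipx["destination"], ipx["packet_type"])
    for route in parse_rip(ipx["data"])["routes"]:
        print("  network %(network)s: %(hops)d hops, %(ticks)d ticks" % route)
```
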


Figure 4-11. Analyzing the IPX RIP SAP Header 

Table 4-8. The IPX RIP SAP Packet[*] 


Field | Description 
Operation | 1 General service request; 2 General service reply; 3 Nearest service request; 4 Nearest service reply 
Service type | 4 File server; 7 Print server; 47 Advertising print server; 112 HP print server; 26B Time synchronization; 278 NDS server 
Server name | 48 bytes 
Network address | 32-bit network, 48-bit node 
Node address | 48-bit MAC address 
Socket address | 16-bit socket number 
Hops to server | Routers passed through 


[*] Refer to IANA's Novell SAP Table for a list of SAPs from various sources 
(www.iana.org/assignments/novell-sap-numbers). 


The first occurrence of any SAP activity in Figure 4-11 and my previous ping Sniffer capture is 
Frame 24. The operation is a general service response for the following services: 


• 0004 File Server 
• 026B Time Synchronization 
• 0278 NetWare Directory Server 
• 0107 RSPX 


The network.node information for each of these services is 346648e2.0000.0000.0001, which is 
the internal IPX number for my gwise server. The socket information is as follows: 


• 0451 NCP 
• 0005 Time Synchronization 
• 4006 Ephemeral 
• 8104 RConsole 

NOTE 


IPX sockets 4000 to 6000 are temporary sockets used for interaction with NetWare 
servers and other network communications. 


You might find it interesting to go to your protocol analyzer with this capture open to check the 
SAP interval. Select the first SAP frame, use the Display menu to mark it, go down to the next 
SAP frame and view the relative or delta, which is roughly 1 minute. Obviously this can cause 
problems, especially over dial-on-demand routing (DDR) links. However, the Cisco IOS can 
spoof this traffic. NetWare 5 and above replace SAP with Service Location Protocol (SLP) so that 
service and directory agents interact to locate network services. See Novell's website for more 
information. 


SAPs remind me of commercials on television. They just keep reminding you of things to eat or 
buy. This extra traffic is definitely not advantageous on the WAN. SAP tables can get rather 
large, and at a minimum you should limit SAP traffic on the WAN using SAP filters. Alternatively, 
you can adjust the SAP interval on the WAN interfaces or just don't configure IPX on the 
interface at all. Otherwise, you will severely impact the bandwidth available to users. Printers 
are a good example. They are typically local to your facility, so why advertise them to the rest of 
the world? SAP filters are from 1000 to 1099. 


Consider this example. Assume that print servers are configured on the chapter scenario network 
516. hosta and hostb need all IPX services on network 516. However, the other routers and 
hostc need only to be made aware of IPX file servers. Think about how to configure this and 
check your thoughts against Example 4-29. 


Example 4-29. SAP Filter to Allow Only IPX File Servers 


r1(config)#access-list 1005 permit ? 
  -1            Any IPX net 
  <0-FFFFFFFF>  Source net 
  N.H.H.H       Source net.host address 
r1(config)#access-list 1005 permit -1 ? 
  <0-FFFF>  Service type-code (0 matches all services) 
  N.H.H.H   Source net.host mask 
  <cr> 
r1(config)#access-list 1005 permit -1 4 
r1(config)#interface ethernet 1 
r1(config-if)#ipx output-sap-filter 1005 
r1(config)#interface serial 0 
r1(config-if)#ipx output-sap-filter 1005 
r1(config)#interface serial 1 
r1(config-if)#ipx output-sap-filter 1005 
r1(config-if)#end 
r1#copy running-config startup-config 


The problem with Example 4-29 is that it blocks services other than print services. Remove the 
preceding filter if you actually configured this on your router. Apply a SAP filter to permit 
everything except print services, as in Example 4-30. Whether you need all the no statements is 
IOS version-dependent.


Example 4-30. SAP Filter to Deny All IPX Print Servers


r1(config)#no access-list 1005
r1(config)#interface ethernet 1
r1(config-if)#no ipx output-sap-filter 1005
r1(config)#interface s0
r1(config-if)#no ipx output-sap-filter 1005
r1(config)#interface s1
r1(config-if)#no ipx output-sap-filter 1005
r1(config-if)#exit
r1(config)#access-list 1005 deny -1 7
r1(config)#access-list 1005 deny -1 47
r1(config)#access-list 1005 permit -1
r1(config)#interface e1
r1(config-if)#ipx output-sap-filter 1005
r1(config)#interface s0
r1(config-if)#ipx output-sap-filter 1005
r1(config)#interface s1
r1(config-if)#ipx output-sap-filter 1005
r1(config-if)#end
r1#copy running-config startup-config


NOTE 


Input and output SAP filters are very effective. In general you should block Novell SAPs
as close to the source as possible. Any network is permitted or denied by using -1,
whereas any service is permitted or denied using 0. A combination of IPX standard
access lists and SAP filters can accomplish quite a bit on the IPX scene. SAP filters are
popular and useful, but be aware of how Novell print services work (because the
printer SAP entry must be known to the file server).
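
The difference between Example 4-29 and Example 4-30 comes down to first-match evaluation with an implicit deny at the end of the list. The following sketch is an added illustration, not code from the book; the SAP table reuses the GWISE entries shown later in this chapter, and the two PRINT1 entries on network 516 are constructed for the example.

```python
# Added example: first-match evaluation of a Cisco IPX SAP filter (lists 1000-1099).
ANY_NET = -1       # "-1" in the list: any IPX network
ANY_SERVICE = 0    # type-code 0, or no type-code at all: every service


def parse_sap_acl(lines):
    """Turn 'access-list N permit|deny NET [TYPE]' lines into (action, net, type) rules."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) not in (4, 5) or tok[0] != "access-list":
            raise ValueError(f"unsupported line: {line!r}")
        if not 1000 <= int(tok[1]) <= 1099:
            raise ValueError(f"list {tok[1]} is not in the SAP filter range 1000-1099")
        if tok[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        # Only the plain network form is handled; net.host and masks are left out.
        net = ANY_NET if tok[3] == "-1" else int(tok[3], 16)
        service = int(tok[4], 16) if len(tok) == 5 else ANY_SERVICE
        rules.append((tok[2], net, service))
    return rules


def sap_permitted(rules, net, service):
    """First matching rule wins; an entry that matches no rule is dropped (implicit deny)."""
    for action, rule_net, rule_service in rules:
        if rule_net in (ANY_NET, net) and rule_service in (ANY_SERVICE, service):
            return action == "permit"
    return False


def advertised(acl_lines, sap_table):
    """Names and hex types of the SAP entries an output-sap-filter would still send."""
    rules = parse_sap_acl(acl_lines)
    return [(name, format(stype, "X")) for stype, name, net in sap_table
            if sap_permitted(rules, net, stype)]


EXAMPLE_4_29 = ["access-list 1005 permit -1 4"]
EXAMPLE_4_30 = [
    "access-list 1005 deny -1 7",
    "access-list 1005 deny -1 47",
    "access-list 1005 permit -1",
]

# (service type, server name, network). The first four rows mirror the
# show ipx servers output in this chapter; the PRINT1 rows are constructed.
SAP_TABLE = [
    (0x004, "GWISE", 0x346648E2),
    (0x107, "GWISE", 0x346648E2),
    (0x26B, "GWISE_TREE", 0x346648E2),
    (0x278, "GWISE_TREE", 0x346648E2),
    (0x007, "PRINT1", 0x516),   # hypothetical print server
    (0x047, "PRINT1", 0x516),   # hypothetical advertising print server
]

if __name__ == "__main__":
    for label, acl in (("Example 4-29", EXAMPLE_4_29), ("Example 4-30", EXAMPLE_4_30)):
        print(label, advertised(acl, SAP_TABLE))
```

With the single permit line, everything except type 4 falls through to the implicit deny; with the deny/deny/permit list, only types 7 and 47 are withheld.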


Static SAPs can be created to simulate services that would show up with the show ipx servers 
command. The syntax is as follows: 


router(config)#ipx sap service-type name network.node socket hop-count


The network must be in the router's IPX routing table. Take a look at a SAP table for many 
common SAP numbers and their descriptions. One way to do this in a lab environment is to enter 
ipx network commands on loopback interfaces. Then point the static SAPs to them. Remember 
that both IPX RIP and SAP obey split horizon. 


Setting up your routers, the Novell server, and the clients; working with various commands; and 
performing the packet analysis in your lab should have made you a little more comfortable with 
how IPX works. I'll certainly test that out in the upcoming Trouble Tickets. IPX is the main
protocol at the Internet Layer for the IPX/SPX stack. Helpers such as ARP and Reverse Address
Resolution Protocol (RARP) are not used with IPX because the MAC address is the node address. 


Before you venture into the Trouble Tickets, I'll spend a bit more time discussing addressing and 
routing protocols as I cover the Transport and Application Layers.


Transport (Host-to-Host) Layer Protocols, Applications, and Utilities 


As you recall from the OSI model in Chapter 1, "Shooting Trouble," the Transport Layer is all 
about host-to-host delivery. IPX is a Layer 3 unreliable connectionless datagram delivery
protocol; its Layer 4 counterpart, reliable connection-oriented SPX, is for things such as remote 
console and printing. SPX II is compatible with SPX and in addition provides features such as 
sliding windows, end-to-end large data packets, and an orderly release of a connection. Check
out www.novell.com for more details. Figure 4-12 displays Sniffer's view of the SPX header
format when I issued the RConsole command from my client. Feel free to capture your own
RConsole session, open the Sniffer file (chapter 4 remote console and spx sniffer capture), or just
view the output from Figure 4-12.


Figure 4-12. Analyzing the RConsole SPX Packet 

As you have seen in the previous layered subsections, after you have eliminated Physical Layer
issues, protocol connections are troubleshooting targets that must be considered. After the
protocol connections have been confirmed as operational, it is time to move up to the Application
Layers. I could not begin to cover the vast variety of upper-layer applications in use today, but I
will introduce some more of the major Application Layer protocols of the IPX/SPX suite.


Prepare for the next section by performing the following: 


• Use Sniffer to capture the Novell server starting up; use a config command on the Novell
box and a ping to the Novell server from r1. Save the file as chapter 4 startup 8023 server
config and ping sniffer capture.


• Use Sniffer to capture a client startup on an 802.3 network. Browse Network Neighborhood
and look at the sys volume on the Novell server. Next select Start > Run \\gwise\vol1,
choose Software and then Client. Optionally, select Whoami by right-clicking Network
Neighborhood. Save the file as chapter 4 client startup on 8023 browse net neigh and sys
sniffer capture.


Upper-Layer Protocols, Applications, and Utilities 


At the upper layers of the IPX/SPX protocol stack, the Novell NetWare Core Protocol (NCP) is
used by file servers and clients alike for server routines and file and print management. Novell 
clients make a GNS request, and Novell servers or Cisco routers can respond. This is possible 
because Cisco routers maintain a RIP and SAP table. However, the Cisco device is polite in that it 
lets a Novell server of the requested type respond if one exists in the direction from where the 
request was heard. When the client finds a server, it broadcasts a RIP request to locate a route 
to the server. Finally, the Novell client can send NCP requests to log on and use the file system. 


Analyze the Sniffer client startup file that you captured earlier as I do in Figure 4-13 and Figure
4-14.


Figure 4-13. Analyzing the IPX Client Startup 

Figure 4-14. Analyzing the IPX Client Startup


The IPX header in frame 26 shows the RIP request where the source address is 0.hostbmac and
the destination is broadcast. The client does not actually learn its IPX network address until after
the RIP response, as you can see in frame 33. Follow the overall sequence of messages in the
Sniffer summary pane for GNS, the IPX RIP request, and the NCP connection and negotiation,
including the volume mounting. The IPX header in frame 32 displays the source and destination
address as 0, which means this wire, and the all FFFFFFFFFFFFs indicate a broadcast on this wire.


The NCP connection and negotiation occurs in lines 83 to 114. Frame 87 mentions the
negotiation of get big packet max size where it is negotiating the path MTU size. IPX uses path
MTU discovery rather than fragmentation. I think of this portion of NCP as like Microsoft's Server
Message Block (SMB) protocol. Frames 89 to 92 send two full MTU-size echoes to port 0x4002
for testing. ACK packets take up space and burst mode is there for windowing, which can
improve throughput for file transfers. NetWare increases and decreases the gap between packets
for windowing. Login starts in frame 105, where Sniffer shows the bindery object information
for Administrator. NCP continues the mounting of the sys volume and volume 1 as well as the
Administrator login.


NOTE 


The bindery is a flat database on each server, whereas Novell Directory Services (NDS)
is a hierarchical database of all objects in directory trees and organizational units. 
Although you can use just bindery services today, most Novell shops take advantage of 
the NDS capabilities for single-login purposes to use and manage network resources. 


Another example of upper-layer services is Network Basic Input/Output System (NetBIOS). You
enable NetBIOS support on the client. It is a Session Layer interface for IBM and Microsoft.
Practical applications of NetBIOS include browsing Network Neighborhood and using many of the
command-line net commands. Type net /? at the client command prompt to see the available
network commands.


For example, I can type net view \\GWISE to see the sys volume and volume 1 on my server
or type net use to map a drive. The net use g: \\gwise\sys command maps the G: drive to
my NetWare sys volume, so I can get to it as easily as I can to my C: drive. Type net config to
see client and server information. These commands and others are very helpful troubleshooting
commands for Windows-based clients, whether they are running the Microsoft Client for Novell
Networks or for Microsoft Networks.


As with any protocol suite, you can spend a lifetime learning the specifics of the upper layers. 
For IPX in particular, you might want to spend more time researching NDS, ZenWorks, the 
NLMs, and other add-on modules for Novell and third-party services responsible for 
management, file, print, message, and database services. 


Addressing 


Regardless of what is happening at the upper layers, the IPX addressing scheme is an integral
part of routing. NetWare is a software router. The routing table consists of unique internal
(server) and external (wire) IPX numbers. The internal network number is internal to the file
server and always ends in 0000.0000.0001. It is a logical network that routes packets to the
physical networks to which a server is attached. Think of it like a loopback interface on a Cisco
router. The external network number is the wire ID analogous to a subnet in IP. Periodic
broadcasts are sent out on the wire, and the network and encapsulation numbers must match
(as you saw in the chapter scenario).


You viewed the router routing table with show ipx route and the services table with show ipx 
servers. You can even see the server list from the client with slist/nlist. You viewed the Novell
routing table on the server with display networks and the Novell SAP table with display 
servers. 


NetWare addresses consist of an 80-bit network.host hex number. The network number is 32
bits—an 8-digit hex number where the leading 0s are suppressed. The host (node) number is 48
bits, or a 6-digit hex number. Because the MAC address is the node address, there is no need for 
ARP in an IPX environment. Hexadecimal is Base16, where the digits 0 to 9 and the letters A to F 
are available. The following Cisco commands are quite helpful for addressing: 


• show ipx interface brief
• show ipx interface interface
• show protocols
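
The network.node[:socket] notation that these commands display can be split apart mechanically. The parser below is an added example, not the book's code; it assumes Cisco's dotted-triplet node format with leading zeros suppressed per group (as in ping ipx 346648e2.0.0.1), and the socket names in WELL_KNOWN_SOCKETS are standard Novell assignments added here for illustration.

```python
import re

# Well-known Novell socket numbers (added for this example).
WELL_KNOWN_SOCKETS = {0x0451: "NCP", 0x0452: "SAP", 0x0453: "RIP"}

INTERNAL_NODE = bytes.fromhex("000000000001")   # node part of a server internal address
BROADCAST_NODE = b"\xff" * 6


def parse_ipx_address(text):
    """Parse 'network.node[:socket]' in Cisco notation into its three fields."""
    addr, _, sock = text.strip().partition(":")
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected a network and three node groups: {text!r}")
    net_text, node_groups = parts[0], parts[1:]
    if not re.fullmatch(r"[0-9A-Fa-f]{1,8}", net_text):
        raise ValueError(f"network must be 1-8 hex digits (32 bits): {net_text!r}")
    for group in node_groups:
        if not re.fullmatch(r"[0-9A-Fa-f]{1,4}", group):
            raise ValueError(f"node group must be 1-4 hex digits: {group!r}")
    # Each group is 16 bits; pad the suppressed leading zeros back in.
    node = bytes.fromhex("".join(g.zfill(4) for g in node_groups))
    socket = None
    if sock:
        if not re.fullmatch(r"[0-9A-Fa-f]{1,4}", sock):
            raise ValueError(f"socket must be 1-4 hex digits: {sock!r}")
        socket = int(sock, 16)
    return {"network": int(net_text, 16), "node": node, "socket": socket}


def format_ipx_address(parsed):
    """Render the way IOS prints it: network without leading zeros, node in full."""
    node_hex = parsed["node"].hex()
    text = f"{parsed['network']:X}." + ".".join(node_hex[i:i + 4] for i in (0, 4, 8))
    if parsed["socket"] is not None:
        text += f":{parsed['socket']:04X}"
    return text


def describe(text):
    """Return the normalized address and notes on any special values it carries."""
    parsed = parse_ipx_address(text)
    notes = []
    if parsed["network"] == 0:
        notes.append("network 0: this wire")
    if parsed["node"] == INTERNAL_NODE:
        notes.append("node 0000.0000.0001: matches the server internal-network form")
    elif parsed["node"] == BROADCAST_NODE:
        notes.append("node ffff.ffff.ffff: broadcast")
    if parsed["socket"] in WELL_KNOWN_SOCKETS:
        notes.append(f"socket {parsed['socket']:04X}: {WELL_KNOWN_SOCKETS[parsed['socket']]}")
    return format_ipx_address(parsed), notes


if __name__ == "__main__":
    for sample in ("346648e2.0.0.1", "346648E2.0000.0000.0001:0451",
                   "532.0000.0c38.a05d", "0.ffff.ffff.ffff:453"):
        print(describe(sample))
```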


NOTE 


Novell offers the Novell Network Registry, which is a service to assign and track IPX
network addresses and organization names. The Registry assigns a contiguous block of
addresses unique to your organization. This way when companies merge or want to
interconnect, the numbers are ensured to be unique. Send an e-mail to
registry@novell.com or call 408 577-7506 to receive a copy of the Novell Network
Registry if you are still using IPX.


How do you determine the network number? You could ask someone, use Cisco Discovery 
Protocol (CDP), or use the NetWare config command at the file server console. 


You have certainly witnessed practical examples of where you need to know addressing. Another 
example is an access list. Unlike IP, IPX standard access lists (800 to 899) include both source 
and destination addresses. Therefore, many things can be accomplished with either a standard 
ACL or a SAP filter (1000 to 1099). If you need extended protocol or socket capabilities, 
extended IPX ACLs (900 to 999) provide that.


Routing Protocols 


As mentioned in the preceding chapter, routing protocols have their own unique characteristics, an 
encapsulation types have a big impact on them. Understanding how they work will certainly assist 
troubleshooting them now and later. Most of the statistics listed for each can be found with IOS cor
show protocols and show ipx route. Logging, debugging, and Sniffer are certainly valuable tool 
detail when troubleshooting, too. 


The following subsections briefly examine the RIP, NLSP, and EIGRP IPX routing protocols. This dis 
you understand the basic background and theory of each of these routing protocols and therefore f 
application. 


IPX RIP 


IPX RIP is the default distance vector routing protocol for IPX. It is enabled automatically when yot 
routing. The IPX RIP metrics are ticks (1/18 of a second) and then hops. When you previously issut
networks command on the Novell server, the ticks/hops followed the network number. The WAN i 
ticks is 6. The LAN interface default ticks is 1. To change the ticks value on an interface, use the fol 
configuration command: 


ipx delay [0-65535] 


Novell added the Service Advertisement Protocol (SAP) (not to be confused with IEEE 802.2 LLC se
points) to its RIP implementation. This is how servers broadcast (advertise) the services and addre 
available. Cisco routers do not forward individual SAPs; instead, they build SAP tables just as they 
These tables are broadcast every 60 seconds in an IPX RIP environment.


Configuring IPX RIP is as simple as turning on IPX routing. If you can't use the show ipx route co
not have IPX routing turned on; if you can't turn that on, you may need a different IOS feature set
must worry about having enough memory to support the new IOS with the appropriate feature set


NOTE 


To save you a little frustration, the global configuration command to turn off IPX RIP is no rou


NLSP and EIGRP are viable alternatives for IPX RIP. NLSP is Novell's link-state routing protocol, an 


proprietary routing protocol that supports multiple routed protocols (including IPX).


NLSP 


NetWare Link Services (State) Protocol (NLSP) has several advantages over IPX RIP. It is more sca
complete map of the network rather than just next-hop information. It was designed to replace RIF 
global networks with less overhead. As its name describes, NLSP is a link-state routing protocol thé 
and service changes, not periodic updates. Reliability is increased and routing is improved especial 
through IPX header compression and multicast addressing to all NLSP routers. 


Search at Cisco.com for "configure nlsp" for help with this routing protocol. The following site is ve 
IPX-related routing protocols and sample configurations, too:


www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_Cipx/2cdipxex.hi


EIGRP 


Novell servers do not understand the Enhanced IGRP (EIGRP) routing protocol. However, EIGRP is
for IPX on the LAN and EIGRP on the WAN. Table 4-9 illustrates some IPX EIGRP configuration and 
commands. Redistribution occurs automatically between IPX and EIGRP unless you turn this featur 
redistribute. Other reasons for IPX on the LAN and EIGRP on the WAN include the increased netw
incremental SAP updates. 


Table 4-9. IPX EIGRP Configuration and Troubleshooting Comm.


Task                                            IPX EIGRP Command

Enable the routing process using an AS number   r1(config)#ipx router eigrp 100

Configure the directly connected networks       r1(config-ipx-router)#network 516
                                                r1(config-ipx-router)#network 532
                                                r1(config-ipx-router)#network 580
                                                r1(config-ipx-router)#network 1011
                                                r1(config-ipx-router)#end

Miscellaneous parameters                        r1(config-ipx-router)#no redistribute ?
                                                r1(config-ipx-router)#ipx hello-interval eigrp
                                                r1(config-ipx-router)#ipx hold-time eigrp ?
                                                r1(config-ipx-router)#no ipx split-horizon eic
                                                r1(config-ipx-router)#ipx sap-incremental ei:
                                                r1(config-ipx-router)#distribute-listASnumbei
                                                r1(config)#ipx backup-server-query-interva

Monitor IPX EIGRP                               r1#show ipx eigrp ?
                                                r1#show ipx eigrp neighbors ?
                                                r1#show ipx eigrp topology ?
                                                r1#show ipx eigrp route ?
                                                r1#show ipx eigrp traffic ?


As mentioned in Chapter 3, individual routing protocols are books in themselves. The routing table 
start troubleshooting; if routes are missing, however, ultimately that may depend on Physical or D. 
neighbor relationships, and/or topology tables. Cisco does a great job at assisting you with IP and 
troubleshooting, as you can see in Figure 4-15. 


Figure 4-15. Troubleshooting Novell IP and IPX Issues


If you are still using Novell's IPX in your environment, look up some of the case studies displayed i
Other troubleshooting issues include timers. They must match between routers (and servers) on a 
otherwise routes/services appear to come and go, resulting in intermittent connections. 


Now it is time for the chapter Trouble Tickets. The plan here is to give you several things to do, let 
mistakes and fix some things on your own, and to introduce other problems that you should have s 
with as a Support person. Shooting trouble with IPX can be as easy as dropping the X, which may i 
appropriate on the WAN. However, that solution is not a viable one for the Trouble Tickets. The IPX
start where the chapter leaves off for the client, server, and router configurations. 


Trouble Tickets 


Complete the following Trouble Tickets in order. Use the tools from this and the previous 
chapters to analyze, test, and document as you go. Feel free to create your own physical layer 
problems if you need more practice there. Sample solutions are provided after this section. 


Trouble Ticket 1 


Set up each router so that when you ping a Serial interface you are pinging the wire
number.router number. Use numbers such as all 1s for r1, all 2s for r2, and so on. Display the
router and interface configuration for all routers as I do for r1 in the solution. Ping a serial
interface on another router to verify connectivity. Document within the configuration right before
you ping the other router's serial interface.


Trouble Ticket 2 


Change the frame type for network 516 to 802.2. Ping from r1 to the Novell server to verify 
connectivity. Issue an extended trace, too.


Trouble Ticket 3 


Change the routing protocols so that you are using RIP on the Novell LAN and EIGRP for
everything else with an AS number of 100. Configure the WAN links between r2 and r3 to load 
balance if possible. View the routing table and use debug to watch the routing and SAP updates. 
Save the data to a log file for later review. Make sure there are no filters or ACLs blocking 
anything. 


Trouble Ticket 4 


Use Sniffer to capture the Novell server startup. Ping it when it is up from r1. 


Trouble Ticket 5 


Use Sniffer to capture the hostb client startup on 802.2. Verify connectivity through all layers. 
Set the client to the wrong frame type. What happens?


Trouble Ticket 6 


Use tools such as CDP to assist you in updating your chapter scenario diagram. Label things such 
as device types, IOS versions, node addresses, wire addresses, cable specs, routed/routing
protocols, and so on. 


Trouble Tickets Solutions 


These solutions are not always the only way to perform these tasks. However, the upcoming 
chapter scenarios are based on these solutions. 


Trouble Ticket 1 Solution 


Example 4-31 and Example 4-32 illustrate the ipx routing command on each of the routers. I
used 1111.1111.1111 for r1, but 1.1.1 would also work just fine. This optional node command
makes troubleshooting serial interfaces easier because you are not just having them
automatically use the MAC address from an available Ethernet, Token Ring, or FDDI interface
but rather one you are familiar with for all serial interfaces on the router. The show ipx
interface serial 0 command is a quick way to see that the serial 0 interface is utilizing the IPX
routing node you configured.


Example 4-31. IPX Trouble Ticket 1


r1(config)#ipx routing ?
  H.H.H  IPX address of this router
  <cr>
r1(config)#ipx routing 1111.1111.1111
r1(config)#end
r1#show ipx interface serial 0
Serial0 is up, line protocol is up
  IPX address is 1011.1111.1111.1111 [up]
  Delay of this IPX network, in ticks is 6 throughput 0 link delay 0
  IPXWAN processing not enabled on this interface.
  IPX SAP update interval is 60 seconds
r1#show running-config
Building configuration...
Current configuration:
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname r1
enable secret 5 $1$m0s2SPq/6.NpOCSzhbQI1Ny.cnG/
enable password donna
ip subnet-zero
ipx routing 1111.1111.1111
ipx ping-default novell
interface Ethernet0
r1#copy running-config startup-config


Example 4-32 shows IPX routing commands on r2 through r5. My test shows a ping to r2s0. 
Remember to save all the configurations. 


Example 4-32. Configuring IPX Routing on r2 Through r5


r2(config)#ipx routing 2222.2222.2222
r3(config)#ipx routing 3333.3333.3333
r4(config)#ipx routing 4444.4444.4444
r5(config)#ipx routing 5555.5555.5555
r2#show ipx interface serial 0
Serial0 is up, line protocol is up
  IPX address is 564.2222.2222.2222 [up]
r2#ping ipx 564.2222.2222.2222
Sending 5, 100-byte IPX Novell Echoes to 564.2222.2222.2222, timeout is
2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
r1#!!!now pinging r2s0 from r1
r1#ping ipx 564.2222.2222.2222
Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to 564.2222.2222.2222,
timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
r1#


Trouble Ticket 2 Solution 


Configure the Novell server with the unbind and bind commands or the inetcfg bindings menu
(load inetcfg) as well as the r1 interface connected to wire 516. The commands for r1 are in
Example 4-33.


Example 4-33. IPX Trouble Ticket 2


r1(config)#interface ethernet 0
r1(config-if)#ipx encapsulation ?
  arpa          IPX Ethernet_II
  hdlc          HDLC on serial links
  novell-ether  IPX Ethernet_802.3
  sap           IEEE 802.2 on Ethernet, Token Ring, and FDDI
  snap          IEEE 802.2 SNAP on Ethernet, Token Ring, and FDDI
r1(config-if)#ipx encapsulation sap
r1(config-if)#end
r1#show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail
U - Per-user static
4 Total IPX Servers

Table ordering is based on routing and server info

   Type Name         Net      Address         Port   Route Hops Itf
P     4 GWISE        346648E2.0000.0000.0001:0451    2/01  1    Et0
P   107 GWISE        346648E2.0000.0000.0001:8104    2/01  1    Et0
P   26B GWISE_TREE   346648E2.0000.0000.0001:0005    2/01  1    Et0
P   278 GWISE_TREE   346648E2.0000.0000.0001:4006    2/01  1    Et0
r1#show ipx interface brief
Interface    IPX Network  Encapsulation  Status  IPX State
Ethernet0    516          SAP            up      [up]
Ethernet1    532          NOVELL-ETHER   up      [up]
Serial0      1011         HDLC           up      [up]
Serial1      580          HDLC           up      [up]
r1#ping ipx 346648e2.0.0.1
Sending 5, 100-byte IPX Novell Echoes to 346648E2.0000.0000.0001, timeout is
2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
r1#trace
Protocol [ip]: ipx
Target IPX address: 346648e2.0.0.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [0]:
Maximum Time to Live [1]:
Verbose [n]:
Type escape sequence to abort.
Tracing the route to 346648E2.0000.0000.0001
tracing the route using Diagnostic Requests
  2 346648E2.0000.0000.0001 (GWISE) 0 msec 8 msec 8 msec


NOTE


Novell echoes are being sent in the ping packets because the ipx ping-default novell
command was previously issued in the chapter. Look at your r1 configuration to verify
this. If it is not there, the default is to send Cisco Echoes, which the Novell server
would not understand.


Trouble Ticket 3 Solution 


Example 4-34 illustrates the EIGRP configuration on the routers. As far as the log file, I used a
SecureCRT session, but you could have used the HyperTerm, Transfer menu, Capture Text 
method, or options from other terminal emulator programs. 


Example 4-34. IPX Trouble Ticket 3


r1(config)#ipx router eigrp 100
r1(config-ipx-router)#network 580
r1(config-ipx-router)#network 1011
r1(config-ipx-router)#end
r1#copy running-config startup-config
r2(config)#ipx router eigrp 100
r2(config-ipx-router)#network 548
r2(config-ipx-router)#network 564
r2(config-ipx-router)#exit
r2(config)#ipx maximum-paths 2
r2(config)#end
r2#copy running-config startup-config
r3(config)#ipx router eigrp 100
r3(config-ipx-router)#network 548
r3(config-ipx-router)#network 564
r3(config-ipx-router)#network 580
r3(config-ipx-router)#exit
r3(config)#ipx maximum-paths 2
r3(config)#end
r3#copy running-config startup-config
r4(config)#ipx router eigrp 100
r4(config-ipx-router)#network 1022
r4(config-ipx-router)#end
r4#copy running-config startup-config
r5(config)#ipx router eigrp 100
r5(config-ipx-router)#network 1011
r5(config-ipx-router)#end
r5#copy running-config startup-config


One major thing is missing from the preceding example as a result of you already having IPX 
configured on the routers. Issue debug ipx routing events and debug ipx sap events to give 
you some hints and fix the issues as I do in Example 4-35.


Example 4-35. Turning Off IPX RIP


r1(config)#no ipx router rip
r1(config)#ipx router rip
r1(config-ipx-router)#network 516
r1(config-ipx-router)#network 532
r1(config-ipx-router)#end
r1#copy running-config startup-config
r2(config)#no ipx router rip
r2(config)#ipx router rip
r2(config-ipx-router)#network 532
r2(config)#end
r2#copy running-config startup-config
r3(config)#no ipx router rip
r3(config)#ipx router rip
r3(config-ipx-router)#network 596
r3(config-ipx-router)#end
r3#copy running-config startup-config
r4(config)#no ipx router rip
r4(config)#end
r4#copy running-config startup-config
r5(config)#no ipx router rip
r5(config)#end
r5#copy running-config startup-config


Example 4-36 displays the IPX routing table. Notice the EIGRP-learned routes and the multiple
paths to get to your destination. IPX load balancing is not enabled by default. By default the IOS
splits traffic on a per-packet basis; NetWare NCP does not handle out-of-order packets within a
burst gracefully. It uses per-host load balancing.


Example 4-36. IPX Load Sharing


r2#show ipx route
Codes: C - Connected primary network,    c - Connected secondary network
       S - Static, F - Floating static, L - Local
       R - RIP, E - EIGRP, N - NLSP, X - External,
       s - seconds, u - uses, U - Per-user static

9 Total IPX routes. Up to 2 parallel paths and 16 hops allowed.

No default route known.

(NOVELL-ETHER), Et0
(HDLC), Se1
(HDLC), Se0
[41049600/1] via 564
             via 548.
[41024000/0] via 564.
             via 548.
[40514560/1] via 564.
             via 548.
[41536000/0] via 564.
             via 548.
[41024000/0] via 548.
             via 564.
[270336000/2] via 564.
              via 548.

45, 0u, Se1
1u, Se0
0u, Se1
1u, Se0
0u, Se1
50, 1u, Se0
0u, Se1
1u, Se1
0u, Se0
02, 93u, Se0
02, 0u, Se1


Trouble Ticket 4 Solution 


I performed the protocol analyzer capture and saved it as chapter 4 startup 8022 server config
and ping sniffer capture. Look at Figure 4-16 or your Sniffer capture to examine the differences
between IPX over 802.3 and 802.2 frames.


Figure 4-16. 802.2 Server


Trouble Ticket 5 Solution


I performed the protocol analyzer capture and saved it as chapter 4 bring up auto client on
802.2 server sniffer capture. Look at Figure 4-17 or your Sniffer capture to analyze the layers
and the incorrect frame type.


Figure 4-17. 802.2 Client


Network Neighborhood is one way to verify all the layers. If you have problems with that, try the
Find Computer selection or the net view command and capture the results in the protocol
analyzer.

When you set the client to the wrong frame type, the Novell Primary Network Login does not
display, but the Client for Microsoft does. Other symptoms include Network Neighborhood
showing the Entire Network icon only. You can't browse it, but the Microsoft client does point you
to the Network Troubleshooter. That should give you another tool for your bag, but more
importantly lead you to the issue of an incorrect frame type.


Trouble Ticket 6 Solution 


I have highlighted some of the helpful output of CDP in Example 4-37 to assist you with updating
your chapter scenario diagram. Check your work against Figure 4-1. 


Example 4-37. IPX Trouble Ticket 6


r1#show cdp neighbors detail
Device ID: r2
Entry address(es):
  Novell address: 532.0000.0c38.a05d
Platform: cisco 2500, Capabilities: Router
Interface: Ethernet1, Port ID (outgoing port): Ethernet0
Holdtime : 124 sec
Version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)
Copyright 1986-2002 by cisco Systems, Inc.
Compiled Sat 02-Feb-02 02:08 by nmasa

Device ID: r3
Entry address(es):
  Novell address: 580.3333.3333.3333
Platform: cisco 3640, Capabilities: Router
Interface: Serial1, Port ID (outgoing port): Serial0/0
Holdtime : 138 sec
Version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1)
Copyright 1986-2000 by cisco Systems, Inc.
Compiled Tue 05-Sep-00 21:39 by linda

Device ID: r5
Entry address(es):
  Novell address: 1011.5555.5555.5555
Platform: cisco 2516, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 163 sec
Version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)
Copyright 1986-2002 by cisco Systems, Inc.
Compiled Sat 02-Feb-02 02:08 by nmasa


Example 4-37 illustrates that r1's directly connected neighbors are r2, r3, and r5. Compare this
output to Figure 4-1 and add notes such as r2 is connected to r1 via the r1e1 r2e0 Ethernet link
with an external IPX network number of 532. The r2 IOS is 12.0(21a). CDP assists you with MAC
addresses, too. For example, look at r3 and r5 where the MAC addresses match the node you
specified to use for serial interfaces in the first Trouble Ticket. The r1 device connects to r3 via its
s1 interface and to r5 via its s0 interface. At a minimum, also document the frame types where
IPX is concerned; show ipx interface brief can help with that. Other helpful documentation
commands include show ipx route, show protocols, and so on, which you should perform on
all your routers to get comfortable with your environment. Example 4-38 displays CDP
information for r2.


Example 4-38. CDP on r2 


r2>show cdp neigh detail
Device ID: r3
Entry address(es):
  Novell address: 548.3333.3333.3333
Platform: cisco 3640, Capabilities: Router
Interface: Serial1, Port ID (outgoing port): Serial0/2
Holdtime : 126 sec
Version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1)
Copyright 1986-2000 by cisco Systems, Inc.
Compiled Tue 05-Sep-00 21:39 by linda

Device ID: r3
Entry address(es):
  Novell address: 564.3333.3333.3333
Platform: cisco 3640, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0/1
Holdtime : 125 sec
Version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1)
Copyright 1986-2000 by cisco Systems, Inc.
Compiled Tue 05-Sep-00 21:39 by linda

Device ID: r1
Entry address(es):
  Novell address: 532.0000.0c8d.6706
Platform: cisco 2500, Capabilities: Router
Interface: Ethernet0, Port ID (outgoing port): Ethernet1
Holdtime : 131 sec
Version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)
Copyright 1986-2002 by cisco Systems, Inc.
Compiled Sat 02-Feb-02 02:08 by nmasa


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1: What IOS command assists in determining detailed information if the router is 
propagating RIP updates? 


2: What IOS command assists in determining detailed information if the router is 
propagating SAP updates? 


3: What is the difference between the Novell internal IPX number and the Novell 
external IPX number? 


4: Fill in the following table with the missing Cisco and Novell encapsulation names. 


Cisco Encapsulation   Novell Frame Type   Description                    Novell Version Default 
ARPA                  Ethernet_II         EtherType pointer to           NetWare 6.x 
                                          Layer 3                        NetWare 5.x 
SAP                                       Length field                   NetWare 3.12 through 
                                          802.2 LLC SAP                  NetWare 4.x 
                                          pointer to Layer 3 
Novell-Ether                              Length field =                 NetWare 3.11 
                      Ethernet_SNAP       Length field                   SNAP default for 
                                          802.2 LLC SAP                  Token Ring and FDDI 
                                          SNAP header 
                                          Serial links                   All versions for serial 
                                                                         links 

5: What type of packet does Figure 4-18 display? What form of Cisco encapsulation is 
used? 


Figure 4-18. Review Question 5 
6: Explain the difference between Cisco ping and IPX ping. Which one is the default? 
Why would you change the default? How do you change the default? 


7: MTU is negotiated by NCP. It is 1500 for a local Ethernet segment and 576 bytes for 
the internetwork. How can you verify this? 


8: The route print command displays the routing table on a PC. How can you see this 
information on a router running IPX RIP? How about on a Novell server? 


9: How do you configure IPX RIP on a Cisco router? 


10: Why doesn't IPX need ARP? 


11: Explain the following address: 


12345678.0000.0000.0001:0451 


12: How does IPX RIP find the best path to another network? How does this differ from IP 
RIP? 


13: In the chapter scenario, hosta is a Windows 2000 box. What command gives you the 
display in Figure 4-19? 


Figure 4-19. Review Question 13 
Summary 


More and more companies are adopting IP-based networks, so shooting trouble with IPX may or 
may not be among your worries. To enhance your overall troubleshooting skills, you should gain 
an understanding of IPX end-to-end issues and know where to find the right tools and how to 
use the proper methods to ensure internetwork connectivity, availability, redundancy, 
responsiveness, and security. This chapter reviewed IPX protocols and packets, addressing, and 
routing protocol topics to prepare you for IPX troubleshooting. The focus now turns to Layer 2 
LAN and WAN technologies to continue to build your practical troubleshooting skills. 


Part III: Supporting Ethernet, Switches, 
and VLANs 


Chapter 5 Shooting Trouble with Ethernet 
Chapter 6 Shooting Trouble with CatOS and IOS 
Chapter 7 Shooting Trouble with VLANs on Routers and Switches 


Chapter 5. Shooting Trouble with Ethernet 


A solid understanding of Ethernet is as essential as supporting TCP/IP today. Many people have 
been using Ethernet since they started networking. Others have used it since the "frozen yellow 
garden hose" days of 10BASE5. You have used it in all the scenarios and Trouble Tickets thus far 
and will continue to use it throughout the book and in the real world. Understanding and 
supporting Ethernet not only applies to the CCNP certification but to all industry certifications. 
This chapter assumes your understanding of the information from the previous chapters, 
including protocols, models, troubleshooting methods, support tools, and resources. 


In this chapter you combine some of the tasks from the preceding two chapters to build this 
chapter's scenario. Following the scenario is a review of Ethernet concepts, symptoms, problems, 
and action plans. To help you gain practical experience, this chapter contains several walk- 
through scenarios and practical Trouble Tickets for you to explore. For those of you who do not 
have equipment handy, there are many relevant figures, examples, and explanations so that 
you, too, can shoot trouble with Ethernet. 


This chapter covers the following topics: 


• Scenario: Shooting Trouble with Ethernet 
• A Brief Summary of Ethernet 
• Ethernet Frames 
• Ethernet Addressing 
• Ethernet at the Physical Layer 
• Shooting Trouble with Ethernet 
• Trouble Tickets 
• Trouble Tickets Solutions 


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table I-1 in the Introduction. 


Scenario: Shooting Trouble with Ethernet 


This chapter starts with the IPX hands-on scenario you left off with at the end of the Trouble Ticket 
Chapter 4, "Shooting Trouble with Novell IPX." The goals of the Shooting Trouble with Ethernet scenario 
are for you to modify your routers according to Figure 5-1 and verify end-to-end connectivity. Host 
requires use of an IPX application on the gwise server, but it should also be able to communicate with 
the other hosts. The rest of the scenario suggests IP as the routed protocol and Enhanced Interior Gateway 
Routing Protocol (EIGRP) as the routing protocol using autonomous system (AS) 500. The IP subne 
the circled numbers on the wires. There should be end-to-end IP connectivity between hosta and h 
Run IPX RIP on network number 516. The rest of the chapter deploys this scenario, so be sure to s. 
configurations before, during, and after you configure your devices. 


Figure 5-1. Shooting Trouble with Ethernet 
NOTE 
My lab uses the 2514, 2501, 3640, 3620, and 2516 Cisco routers, but yours can include any 
number of devices that have similar interfaces. Connect the hosts off of r1e0 by way of a hub. 
See Appendix C, "Equipment Reference," for the hardware used throughout this book. 


Document your steps and any problems along the way. Save your work and don't forget to test thil 


Remember, however, that there is not always one right or wrong way to accomplish the task or tas 
presented. The ability to obtain the end result using good practices is extremely important in any r 
world network. My ending configurations are printed starting in Example 5-1 through Example 5-5 
you can compare your work. Use the previous troubleshooting checklists, your step-by-step 
troubleshooting methodology, and the Ethernet checklist in Table 5-1 to assist in testing. Refresh y 
memory by looking back at Table 3-1 (IP Checklist) and Table 4-1 (IPX Checklist) now. 


NOTE 


A very quick way to eliminate all IPX commands on r2 through r5 is by using the global 
command no ipx routing. 


Table 5-1. Ethernet Layer 1 and 2 Quick Troubleshooting Checklist 


Isolating Problems 


Commands and Symptoms 


Cable, NIC, hub, switch 
Physical inspection 
Protocol analyzer 
TDR/OTDR 

NIC software configuration 

Segmentation 


Concentrate on interfaces and controllers for 
lower-level targets 


See IP and IPX Checklists for ping, trace, and other 
relevant router/desktop tools. 


show ip interface brief 
show ipx interface brief 
show controllers 

show interfaces [interface] 
show ip interface [interface] 


show ipx interface [ interface] 


Drivers 


www.winfiles.com 


www.driverguide.com 


Encapsulation 


Know your frame types 


show interfaces [ interface] 
show ipx interface brief 


NIC diagnostics/properties 


Autonegotiation 
Speed issues cause connectivity problems 


Duplex issues cause performance problems 


show interface [ interface] 


Collisions on a full-duplex link, for example. 


One-way link 


You can receive but can't transmit or vice 
versa 


Check the cable. 


Example 5-1. r1 Configuration (2514) 


r1#show running-config 
Building configuration... 
Current configuration: 
version 12.0 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
hostname r1 
enable secret 5 $1$m0s2SPq/6.NpOCSzhbQI1Ny.cnG/ 
enable password donna 
ip subnet-zero 
ipx routing 1111.1111.1111 
ipx ping-default novell 
interface Ethernet0 
 description r1e0 to hosta and hostb 
 ip address 192.168.5.17 255.255.255.240 
 no ip directed-broadcast 
 ipx encapsulation SAP 
 ipx network 516 
interface Ethernet1 
 description r1e1 to r2e0 
 ip address 192.168.5.33 255.255.255.240 
 no ip directed-broadcast 
interface Serial0 
 description r1s0 to r5s0 
 bandwidth 64 
 ip address 10.1.1.1 255.255.255.0 
 no ip directed-broadcast 
 no ip mroute-cache 
 no fair-queue 
interface Serial1 
 description r1s1 to r3s0/0 
 bandwidth 64 
 ip address 192.168.5.81 255.255.255.240 
 no ip directed-broadcast 
router eigrp 500 
 network 10.0.0.0 
 network 192.168.5.0 
 no auto-summary 
ip classless 
tftp-server flash:c2500-js-l.120-21a.bin 
line con 0 
 logging synchronous 
 transport input none 
line aux 0 
line vty 0 4 
 password donna 
 login 
end 


Example 5-2. r2 Configuration (2501) 


r2#show running-config 
Building configuration... 
Current configuration: 
version 12.0 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
hostname r2 
enable secret 5 $1$5FjBSOHtAhTOCisLWla5qzy3RJ1 
enable password donna 
ip subnet-zero 
interface Ethernet0 
 description r2e0 to r1e1 
 ip address 192.168.5.34 255.255.255.240 
 no ip directed-broadcast 
interface Serial0 
 description r2s0 to r3s0/1 
 bandwidth 64 
 ip address 192.168.5.65 255.255.255.240 
 no ip directed-broadcast 
 no ip mroute-cache 
 no fair-queue 
interface Serial1 
 description r2s1 to r3s0/2 
 bandwidth 64 
 ip address 192.168.5.49 255.255.255.240 
 no ip directed-broadcast 
router eigrp 500 
 network 192.168.5.0 
ip classless 
line con 0 
 logging synchronous 
 transport input none 
line aux 0 
line vty 0 4 
 password donna 
 login 
end 


Example 5-3. r3 Configuration (3640) 


r3#show running-config 
Building configuration... 
Current configuration: 
version 12.0 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
hostname r3 
enable secret 5 S1SVA..$TqTkW/PwrIl4bRPF1zj2ZCul 
enable password donna 
ip subnet-zero 
interface Serial0/0 
 description r3s0/0 to r1s1 
 bandwidth 64 
 ip address 192.168.5.82 255.255.255.240 
 no ip directed-broadcast 
 no ip mroute-cache 
 no fair-queue 
 clockrate 64000 
interface Serial0/1 
 description r3s0/1 to r2s0 
 bandwidth 64 
 ip address 192.168.5.66 255.255.255.240 
 no ip directed-broadcast 
 clockrate 64000 
interface Serial0/2 
 description r3s0/2 to r2s1 
 bandwidth 64 
 ip address 192.168.5.50 255.255.255.240 
 no ip directed-broadcast 
 clockrate 64000 
interface Serial0/3 
 description r3s0/3 to r4s0/0 
 bandwidth 64 
 ip address 10.2.2.1 255.255.255.0 
 no ip directed-broadcast 
interface FastEthernet2/0 
 description r3fa2/0 to hostc 
 ip address 192.168.5.97 255.255.255.240 
 no ip directed-broadcast 
router eigrp 500 
 network 10.0.0.0 
 network 192.168.5.0 
 no auto-summary 
ip classless 
line con 0 
 logging synchronous 
 transport input none 
line aux 0 
line vty 0 4 
 password donna 
 login 
end 


Example 5-4. r4 Configuration (3620) 


r4#show running-config 
Building configuration... 
Current configuration: 
version 11.3 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
hostname r4 
enable secret 5 $1SCODd$kkBg8CqxD2ZVjcHq8uvx! 
enable password donna 
interface Ethernet0/0 
 no ip address 
 shutdown 
interface Serial0/0 
 description r4s0/0 to r3s0/3 
 ip address 10.2.2.2 255.255.255.0 
 no ip mroute-cache 
 bandwidth 64 
 no fair-queue 
 clockrate 64000 
interface Serial0/1 
 no ip address 
 shutdown 
router eigrp 500 
 network 10.0.0.0 
 no auto-summary 
ip classless 
line con 0 
 logging synchronous 
line aux 0 
line vty 0 4 
 password donna 
 login 
end 


Example 5-5. r5 Configuration (2516) 


r5#show running-config 
Building configuration... 
Current configuration: 
version 12.0 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
hostname r5 
enable secret 5 $1S$eozMSNyPHA2CFPGE4V4xV806YS0 
enable password donna 
ip subnet-zero 
interface Ethernet0 
 no ip address 
 no ip directed-broadcast 
 shutdown 
interface Serial0 
 description r5s0 to r1s0 
 bandwidth 64 
 ip address 10.1.1.2 255.255.255.0 
 no ip directed-broadcast 
 no ip mroute-cache 
 no fair-queue 
 clockrate 64000 
interface Serial1 
 no ip address 
 no ip directed-broadcast 
 shutdown 
interface BRI0 
 no ip address 
 no ip directed-broadcast 
 shutdown 
router eigrp 500 
 network 10.0.0.0 
 no auto-summary 
ip classless 
line con 0 
 logging synchronous 
 transport input none 
line aux 0 
line vty 0 4 
 password donna 
 login 
end 


Next you should double-check your host configurations. Physically hosta, hostb, and the gwise server 
should be connected to r1e0 via a hub. Internetwork Packet Exchange (IPX) should be running on i 


hostb, and IP should be running on all hosts. (See Table 5-2.) 


Table 5-2. IP Host Configuration 


IP Address Subnet Mask Gateway 
hosta 192.168.5.18 255.255.255.240 192.168.5.17 
hostb 192.168.5.19 255.255.255.240 192.168.5.17 
hostc 192.168.5.98 255.255.255.240 192.168.5.97 


Now that the routers and the hosts are configured for interoperability, test things out starting with 
Example 5-6. I started with show ip route because, most of the time, I don't assume that there is 
something wrong. If things are missing from the routing table, you need to investigate why. 


Example 5-6. Verifying IP Routes on r1 


r1#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 
       U - per-user static route, o - ODR 
Gateway of last resort is not set 

     192.168.5.0/28 is subnetted, 6 subnets 
D       192.168.5.96 [90/40514560] via 192.168.5.82, 00:39:19, Serial1 
D       192.168.5.64 [90/40537600] via 192.168.5.34, 00:39:19, Ethernet1 
C       192.168.5.80 is directly connected, Serial1 
C       192.168.5.32 is directly connected, Ethernet1 
D       192.168.5.48 [90/40537600] via 192.168.5.34, 00:39:19, Ethernet1 
C       192.168.5.16 is directly connected, Ethernet0 
     10.0.0.0/24 is subnetted, 2 subnets 
D       10.2.2.0 [90/41024000] via 192.168.5.82, 00:39:19, Serial1 
C       10.1.1.0 is directly connected, Serial0 
r1# 


Compare the output of Example 5-6 to Figure 5-1. Ensure that all of your directly connected routes are 
listed in your routing table as well as the EIGRP-learned routes. At a quick glance, the shaded output 
indicates six subnets under 192.168.5.0/28 and two subnets under 10.0.0.0/24. If any subnets are 
missing, investigate why. 


Looking at the routing table is a quick way to troubleshoot many issues. If you are looking for a particular 
network, however, it is less confusing to just list the address after the show ip route command as in 
Example 5-7. 


Example 5-7. Finding a Particular Route on r1 


r1#show ip route 10.2.2.0 
Routing entry for 10.2.2.0/24 
  Known via "eigrp 500", distance 90, metric 41024000, type internal 
  Redistributing via eigrp 500 
  Last update from 192.168.5.82 on Serial1, 00:51:39 ago 
  Routing Descriptor Blocks: 
  * 192.168.5.82, from 192.168.5.82, 00:51:39 ago, via Serial1 
      Route metric is 41024000, traffic share count is 1 
      Total delay is 40000 microseconds, minimum bandwidth is 64 Kbit 
      Reliability 255/255, minimum MTU 1500 bytes 
      Loading 1/255, Hops 1 
r1# 


If your routing table looks like the one in Example 5-8 rather than the one in Example 5-6, refer back to 
Chapter 3, "Shooting Trouble with IP," or research discontiguous subnets and EIGRP on Cisco.com for 
help. 


Example 5-8. Missing Network 10.2.2.0 


r1#show ip route 

     192.168.5.0/24 is variably subnetted, 7 subnets, 2 masks 
D       192.168.5.96/28 [90/2172416] via 192.168.5.82, 00:05:10, Serial1 
D       192.168.5.64/28 [90/40537600] via 192.168.5.34, 00:15:18, Ethernet1 
C       192.168.5.80/28 is directly connected, Serial1 
C       192.168.5.32/28 is directly connected, Ethernet1 
D       192.168.5.48/28 [90/40537600] via 192.168.5.34, 00:15:18, Ethernet1 
D       192.168.5.0/24 is a summary, 00:23:00, Null0 
C       192.168.5.16/28 is directly connected, Ethernet0 
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 
C       10.1.1.0/24 is directly connected, Serial0 
D       10.0.0.0/8 is a summary, 00:11:38, Null0 
r1# 
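The comparison of Examples 5-6 and 5-8 against the expected subnets can be scripted. The following Python sketch is an added example, not part of the book: it parses show ip route output (both the "is subnetted" form, where the mask sits on the header line, and the "variably subnetted" form), reports baseline subnets that are missing, and lists summary routes pointing at Null0. The function names and the EXPECTED baseline are assumptions made for the illustration; the sample text is transcribed from the two examples.

```python
import ipaddress
import re

# "192.168.5.0/28 is subnetted, 6 subnets": the mask on this header line applies
# to the child entries that follow when they carry no mask of their own.
HEADER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2}) is (?:variably )?subnetted")
# "<code> <network>[/len] <rest>", e.g. "D 10.2.2.0 [90/41024000] via ..., Serial1"
ROUTE = re.compile(
    r"^([A-Za-z][A-Za-z0-9*]*(?: [A-Z0-9]+)?)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?\s+(.+)$")


def parse_show_ip_route(text):
    """Return {prefix: (route_code, outgoing_interface)} from 'show ip route'."""
    routes, inherited_len = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            inherited_len = int(header.group(2))
            continue
        route = ROUTE.match(line)
        if not route:
            continue  # prompt, legend, or blank line
        code, addr, plen, rest = route.groups()
        plen = int(plen) if plen else inherited_len
        if plen is None:
            continue  # no mask on the entry and no header seen yet
        prefix = str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
        # The outgoing interface is the last comma-separated field.
        routes[prefix] = (code, rest.rsplit(",", 1)[-1].strip())
    return routes


def audit(text, expected):
    """Return (missing_prefixes, null0_summaries) for one routing table."""
    routes = parse_show_ip_route(text)
    missing = sorted(set(expected) - set(routes))
    null0 = sorted(p for p, (_, ifc) in routes.items() if ifc == "Null0")
    return missing, null0


# Baseline: the six 192.168.5.x/28 and two 10.x/24 subnets listed in Example 5-6.
EXPECTED = ["192.168.5.16/28", "192.168.5.32/28", "192.168.5.48/28",
            "192.168.5.64/28", "192.168.5.80/28", "192.168.5.96/28",
            "10.1.1.0/24", "10.2.2.0/24"]

EXAMPLE_5_6 = """
r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
Gateway of last resort is not set
     192.168.5.0/28 is subnetted, 6 subnets
D       192.168.5.96 [90/40514560] via 192.168.5.82, 00:39:19, Serial1
D       192.168.5.64 [90/40537600] via 192.168.5.34, 00:39:19, Ethernet1
C       192.168.5.80 is directly connected, Serial1
C       192.168.5.32 is directly connected, Ethernet1
D       192.168.5.48 [90/40537600] via 192.168.5.34, 00:39:19, Ethernet1
C       192.168.5.16 is directly connected, Ethernet0
     10.0.0.0/24 is subnetted, 2 subnets
D       10.2.2.0 [90/41024000] via 192.168.5.82, 00:39:19, Serial1
C       10.1.1.0 is directly connected, Serial0
"""

EXAMPLE_5_8 = """
r1#show ip route
     192.168.5.0/24 is variably subnetted, 7 subnets, 2 masks
D       192.168.5.96/28 [90/2172416] via 192.168.5.82, 00:05:10, Serial1
D       192.168.5.64/28 [90/40537600] via 192.168.5.34, 00:15:18, Ethernet1
C       192.168.5.80/28 is directly connected, Serial1
C       192.168.5.32/28 is directly connected, Ethernet1
D       192.168.5.48/28 [90/40537600] via 192.168.5.34, 00:15:18, Ethernet1
D       192.168.5.0/24 is a summary, 00:23:00, Null0
C       192.168.5.16/28 is directly connected, Ethernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.0/24 is directly connected, Serial0
D       10.0.0.0/8 is a summary, 00:11:38, Null0
"""

if __name__ == "__main__":
    for name, text in (("Example 5-6", EXAMPLE_5_6), ("Example 5-8", EXAMPLE_5_8)):
        missing, null0 = audit(text, EXPECTED)
        print(f"{name}: missing={missing} null0_summaries={null0}")
```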


From your research, you should have found that EIGRP handles discontiguous subnets just like RIP 
does. For this to work properly, you must use the no auto-summary command in the router configuration 
mode. Your routing table hint should have been the automatic classful summarization of 192.168.5.0/24 
and 10.0.0.0/8 with a summary route to null0. A quick ping test from hosta to hostc would have illustrated 
end-to-end host connectivity, but would not have brought out any network 10.0.0.0 issues. Howev 
would have been pretty confused as to which way to direct the packets for network 10.0.0.0. 
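The effect described above can be reproduced with a small model of the scenario. The following Python sketch is an added example, not part of the book: it applies classful auto-summarization at major-network boundaries to the connected networks from Examples 5-1 through 5-5, then does a longest-prefix lookup. It models only networks directly connected to each neighbor, ignores metrics and split horizon, and uses the EIGRP administrative distances of 5 for a local summary and 90 for an internal route; all function names are hypothetical.

```python
import ipaddress

# Connected networks per router, taken from Examples 5-1 through 5-5.
CONNECTED = {
    "r1": ["192.168.5.16/28", "192.168.5.32/28", "192.168.5.80/28", "10.1.1.0/24"],
    "r2": ["192.168.5.32/28", "192.168.5.64/28", "192.168.5.48/28"],
    "r3": ["192.168.5.80/28", "192.168.5.64/28", "192.168.5.48/28",
           "192.168.5.96/28", "10.2.2.0/24"],
    "r4": ["10.2.2.0/24"],
    "r5": ["10.1.1.0/24"],
}
CONNECTED = {r: [ipaddress.ip_network(n) for n in nets] for r, nets in CONNECTED.items()}
AD_CONNECTED, AD_SUMMARY, AD_EIGRP = 0, 5, 90  # administrative distances


def major_net(net):
    """Classful (major) network that contains net."""
    first_octet = net.network_address.packed[0]
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return net if net.prefixlen <= plen else net.supernet(new_prefix=plen)


def neighbors(router):
    """Yield (neighbor, shared_link) for every router on a common network."""
    for link in CONNECTED[router]:
        for other, nets in CONNECTED.items():
            if other != router and link in nets:
                yield other, link


def advertised(router, link, auto_summary):
    """Prefixes router announces on link (its own connected networks only)."""
    out = set()
    for net in CONNECTED[router]:
        if net == link:
            continue  # the neighbor is already directly connected to the link
        if auto_summary and major_net(net) != major_net(link):
            out.add(major_net(net))  # crossing a major-network boundary
        else:
            out.add(net)
    return out


def build_table(router, auto_summary):
    """Return {prefix: (admin_distance, next_hop)} for router."""
    table = {net: (AD_CONNECTED, "connected") for net in CONNECTED[router]}
    majors = {major_net(n) for n in CONNECTED[router]}
    if auto_summary and len(majors) > 1:
        for major in majors:  # local summary routes to Null0
            table[major] = (AD_SUMMARY, "Null0")
    for nbr, link in neighbors(router):
        for prefix in advertised(nbr, link, auto_summary):
            # A learned route only replaces an entry with a worse distance.
            if prefix not in table or AD_EIGRP < table[prefix][0]:
                table[prefix] = (AD_EIGRP, f"{nbr} via {link}")
    return table


def lookup(table, address):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(address)
    matches = [p for p in table if addr in p]
    if not matches:
        return None
    best = max(matches, key=lambda p: p.prefixlen)
    return str(best), table[best][1]


def heard_from(router, prefix, auto_summary):
    """Neighbors that announce prefix to router."""
    prefix = ipaddress.ip_network(prefix)
    return sorted({nbr for nbr, link in neighbors(router)
                   if prefix in advertised(nbr, link, auto_summary)})


if __name__ == "__main__":
    for auto in (True, False):
        table = build_table("r1", auto)
        print(f"auto-summary={auto}")
        print("  r1 -> 10.2.2.2     :", lookup(table, "10.2.2.2"))
        print("  r1 -> 192.168.5.98 :", lookup(table, "192.168.5.98"))
        print("  r2 hears 10.0.0.0/8 from:", heard_from("r2", "10.0.0.0/8", auto))
```

With auto-summary on, r1 still reaches hostc through the /28 route, but 10.2.2.2 falls to the local 10.0.0.0/8 summary on Null0, and r2 hears 10.0.0.0/8 from both r1 and r3.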


Next verify that IPX and RIP are running on r1e0 with me in Example 5-9. 


Example 5-9. Verify IPX on r1 


r1#show ipx route 
Codes: C - Connected primary network, c - Connected secondary network 
       S - Static, F - Floating static, L - Local (internal), W - IPXWAN 
       R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate 
       s - seconds, u - uses, U - Per-user static 
2 Total IPX routes. Up to 1 parallel paths and 16 hops allowed. 
No default route known. 
C        516 (SAP),           Et0 
R   346648E2 [02/01] via      516.0080.29e8.5c6b,   56s, Et0 
r1#show ipx interface ethernet 0 
Ethernet0 is up, line protocol is up 
  IPX address is 516.0000.0c8d.6705, SAP [up] 
  Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 
  RIP packets received 119, RIP packets sent 3977 
  SAP packets received 117, SAP packets sent 1 
r1#show ipx servers 
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail 
       U - Per-user static 
4 Total IPX Servers 
Table ordering is based on routing and server info 
   Type Name         Net      Address        Port   Route  Hops  Itf 
P     4 GWISE        346648E2.0000.0000.0001:0451   2/01   1     Et0 
P   107 GWISE        346648E2.0000.0000.0001:8104   2/01   1     Et0 
P   26B GWISE_TREE   346648E2.0000.0000.0001:0005   2/01   1     Et0 
P   278 GWISE_TREE   346648E2.0000.0000.0001:4006   2/01   1     Et0 
r1#ping ipx 346648e2.0.0.1 
Type escape sequence to abort. 
Sending 5, 100-byte IPX Novell Echoes to 346648E2.0000.0000.0001, timeout is 2 sec 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms 
r1# 


Although not shown in these examples, the rest of the routers have the correct information in their 
tables. Verify yours now. Perform some ping tests from every router (like I do with r2 in Example 5-10). 


Example 5-10. r2 Ping Testing 


r2>ping 192.168.5.17 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.5.17, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms 
r2>ping 192.168.5.82 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.5.82, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms 
r2>ping 192.168.5.97 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.5.97, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms 
r2>ping 10.2.2.2 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/61/68 ms 
r2> 


Finally, analyze the host routing tables and ping from hosta and hostb to hostc to test end-to-end IP 
connectivity as in Example 5-11. To test the higher layers, feel free to run an application such as Telnet, 
TFTP, or FTP. If you can copy all of your configuration files to the same TFTP server, for example, that 
would test from the Physical to the Application Layers. Alternatively, if you can Telnet to every rout 
every host, that is another good test of all the layers. 


Example 5-11. Testing End-to-End Connectivity from hosta to hostc 


C:\>route print 
0x1 ........................... MS TCP Loopback interface 
0x2 ...44 45 53 54 42 00 ...... NOC Extranet Access Adapter 
0x1000004 ...00 10 4b a5 ae 50 ...... FE575 Ethernet Adapter 
Active Routes: 
Network Destination          Netmask          Gateway        Interface  Metric 
          0.0.0.0            0.0.0.0     192.168.5.17     192.168.5.18 
        127.0.0.0          255.0.0.0        127.0.0.1        127.0.0.1 
     192.168.5.16    255.255.255.240     192.168.5.18     192.168.5.18 
     192.168.5.18    255.255.255.255        127.0.0.1        127.0.0.1 
    192.168.5.255    255.255.255.255     192.168.5.18     192.168.5.18 
        224.0.0.0          224.0.0.0     192.168.5.18     192.168.5.18 
  255.255.255.255    255.255.255.255     192.168.5.18 
Default Gateway:        192.168.5.17 
Persistent Routes: 
  None 

C:\>ping 192.168.5.98 
Pinging 192.168.5.98 with 32 bytes of data: 
Reply from 192.168.5.98: bytes=32 time=20ms TTL=126 
Reply from 192.168.5.98: bytes=32 time=10ms TTL=126 
Reply from 192.168.5.98: bytes=32 time=10ms TTL=126 
Reply from 192.168.5.98: bytes=32 time=10ms TTL=126 
Ping statistics for 192.168.5.98: 
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), 
Approximate round trip times in milli-seconds: 
    Minimum = 10ms, Maximum = 20ms, Average = 12ms 
C:\>arp -a 
Interface: 192.168.5.18 on Interface 0x1000004 
  Internet Address      Physical Address      Type 
  192.168.5.17          00-00-0c-8d-67-05     dynamic 
C:\>tracert 192.168.5.98 
Tracing route to HOSTC [192.168.5.98] 
over a maximum of 30 hops: 
  1   <10 ms    10 ms   <10 ms  192.168.5.17 
  2    20 ms    20 ms    20 ms  192.168.5.82 
  3    20 ms    30 ms    30 ms  HOSTC [192.168.5.98] 
Trace complete. 
C:\> 


NOTE 


If you are seeing other routes in your routing table, you may be connected to the Internet via 
your Internet service provider (ISP). Disconnect to alleviate the confusion, for the labs in this 
book assume you are connected only to what is in the scenario drawings. 


These tools are the same tools you have been using throughout this book and are the same tools y 
continue to use in supporting day-to-day networks. If Layer 3 is working, so are Layer 2 and Layer 
ping from hosta to hostc verifies that you can communicate to a remote network unless an access | 
something is blocking a particular address, network, or application port. Don't forget to verify the : 
tests from hostb to hostc. Compare the Address Resolution Protocol (ARP) tables on the hosts to the 
table on r1 as in Example 5-12. At first my ARP table on r1 did not display an entry for hostb, but I 
found that I had an incorrect IP address configured for hostb. When I fixed that, the ARP table was 


Example 5-12. r1 ARP Table 


r1>show ip arp 
Protocol  Address          Age (min)  Hardware Addr   Type   Interface 
Internet  192.168.5.33            -   0000.0c8d.6706  ARPA   Ethernet1 
Internet  192.168.5.34          Lod   0000.0c38.a05d  ARPA   Ethernet1 
Internet  192.168.5.17            -   0000.0c8d.6705  ARPA   Ethernet0 
Internet  192.168.5.18            2   0010.4ba5.ae50  ARPA   Ethernet0 
!!!fixed ip address on hostb here 
r1>show ip arp 
Protocol  Address          Age (min)  Hardware Addr   Type   Interface 
Internet  192.168.5.33            -   0000.0c8d.6706  ARPA   Ethernet1 
Internet  192.168.5.34          174   0000.0c38.a05d  ARPA   Ethernet1 
Internet  192.168.5.17            -   0000.0c8d.6705  ARPA   Ethernet0 
Internet  192.168.5.19            0   0080.c7aa.c887  ARPA   Ethernet0 
Internet  192.168.5.18           18   0010.4ba5.ae50  ARPA   Ethernet0 
r1> 


For a change, everything is successful for this chapter scenario. However, you must be familiar with the 
right tools to help you find and narrow the problem down into its components. Besides ping, trace, 
and routing tables, Cisco Discovery Protocol (CDP) is quite helpful in initial troubleshooting steps a 


Ethernet operates at Layer 1 and Layer 2, and lower-layer targets in general are interfaces and controllers. 
A quick test for host or router communications is to ping from end-to-end as you did in the previous 
examples. However, what if the end-to-end ping fails? The tracert command in Example 5-11 illustrates 
the exact path the packets took from hosta to hostc. The hop-by-hop display can assist with finding where 
the pings are failing. The ping and trace tools most definitely complement one another and should 
together. 


NOTE 


As emphasized in Chapter 2, "What's in Your Tool Bag?" you should use ping to identify lower-level 
troubleshooting targets. Ping the loopback address (127.0.0.1), ping yourself (your IP 
address), ping someone local, ping the default gateway, and ping a remote host. I must tell you, 
however, that many times I skip the local activity and just try my gateway first; then I can work 
from there. If you are still having problems, trace is a great companion utility to ping. The ping 
and trace tools complement one another. Ping shows connectivity and delay up to Layer 3, and 
trace shows the path from the source to the destination. Don't forget about the extended 
versions of both of them from the enable mode. For example, perhaps the issue is your gateway 
and you can source the ping from another interface. 


Continue to use a layered methodology yet divide and conquer to fix any problems at this time. Refer 
to the previous chapters' quick troubleshooting checklists for hints. 


Next I want to focus a little more on lower-layer targets. It is vital to look at interfaces and controllers to 
assist with Ethernet troubleshooting at the Data Link Layer. Documentation such as charts and drawings 
make this much easier. In addition, the ping statistics prove quite useful to see whether a link is d¢ 
there is some type of congestion. If a problem exists between the source and the destination, trace 
useful to narrow down where to start your troubleshooting. 


Use the commands in Table 5-3 to prepare a page of documentation for each one of your routers. 
Appendix B, "Troubleshooting Resources," includes this as a router documentation template for you 


Table 5-3. Commands to Help You Document Your Routers 


Command                               Information Provided 
show version                          IOS, RAM, Flash, and configuration register 
show cdp neighbors detail             IP, device, and IOS version, and the connected interfaces 
show ip interface brief               Status and IP 
show ipx interface brief              Network, encapsulation, IPX status and state 
show interfaces [interface]           MAC, IP, Bandwidth (BW), encapsulation, keepalive, duplex, and 
show ip interface [interface]         IP statistics 
show ipx interface [interface]        IPX statistics 
show protocols                        IP and IPX routing process and addresses 
show ip protocols                     Routing protocol and details, including summarization and 
                                      redistribution 
show access-lists                     Access Lists (ACLs) and hits 
show ip access-lists [access-list] 
show ipx access-lists [access-list] 


The commands on r1 appear in Example 5-13 through Example 5-20. You will thank yourself not o 
during the Trouble Tickets but also in the real world if you take the time to do this up front. Alternz 
you can get a very large sheet of paper and increase the size of your scenario drawing so that you 

room for all the minute details that may assist you in troubleshooting later. Many network manage 
programs capture these statistics automatically for you today. However, people like you and I still 

know where to start to get things back to normal when lights and alerts go off. It helps to have ad 
and the detailed data if someone comes to you with a real Trouble Ticket to solve. 


Example 5-13. r1 show version 


r1#show version 
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1) 
Copyright 1986-2002 by cisco Systems, Inc. 
Compiled Sat 02-Feb-02 02:08 by nmasa 
Image text-base: 0x030520E0, data-base: 0x00001000 
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE 
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE 
r1 uptime is 3 days, 21 hours, 24 minutes 
System restarted by power-on 
System image file is "flash:c2500-js-l.120-21a.bin" 
cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory. 
Processor board ID 03074719, with hardware revision 00000000 
Bridging software. 
X.25 software, Version 3.0.0. 
SuperLAT software (copyright 1990 by Meridian Technology Corp). 
TN3270 Emulation software. 
2 Ethernet/IEEE 802.3 interface(s) 
2 Serial network interface(s) 
32K bytes of non-volatile configuration memory. 
16384K bytes of processor board System flash (Read ONLY) 
Configuration register is 0x2102 


Example 5-14. rl Neighbors 


r1#show cdp neighbors 
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge 
                  S - Switch, H - Host, I - IGMP, r - Repeater 
Device ID     Local Intrfce    Holdtme   Capability   Platform   Port ID 
r2            Eth 1            LF        R            2500       Eth 0 
r3            Ser 1            174       R            3640       Ser 0/0 
r5            Ser 0            132       R            2516       Ser 0 
r1#show cdp neighbors detail 
Device ID: r2 
Entry address(es): 
  IP address: 192.168.5.34 
Platform: cisco 2500, Capabilities: Router 
Interface: Ethernet1, Port ID (outgoing port): Ethernet0 
Holdtime : 149 sec 
Version 
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1) 
Copyright 1986-2002 by cisco Systems, Inc. 
Compiled Sat 02-Feb-02 02:08 by nmasa 

Device ID: r3 
Entry address(es): 
  IP address: 192.168.5.82 
Platform: cisco 3640, Capabilities: Router 
Interface: Serial1, Port ID (outgoing port): Serial0/0 
Holdtime : 164 sec 
Version 
Cisco Internetwork Operating System Software 
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1) 
Copyright 1986-2000 by cisco Systems, Inc. 
Compiled Tue 05-Sep-00 21:39 by linda 

Device ID: r5 
Entry address(es): 
  IP address: 10.1.1.2 
Platform: cisco 2516, Capabilities: Router 
Interface: Serial0, Port ID (outgoing port): Serial0 
Holdtime : 121 sec 
Version 
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1) 
Copyright 1986-2002 by cisco Systems, Inc. 
Compiled Sat 02-Feb-02 02:08 by nmasa 


Example 5-15. r1 Brief Interface Statistics 


r1#show ip interface brief 
Interface     IP-Address       OK?  Method  Status   Protocol 
Ethernet0     192.168.5.17     YES  manual  up       up 
Ethernet1     192.168.5.33     YES  manual  up       up 
Serial0       10.1.1.1         YES  manual  up       up 
Serial1       192.168.5.81     YES  manual  up       up 
r1#show ipx interface brief 
Interface     IPX Network   Encapsulation   Status   IPX State 
Ethernet0     516           SAP             up       [up] 
Ethernet1     unassigned    not config'd    up       n/a 
Serial0       unassigned    not config'd    up       n/a 
Serial1       unassigned    not config'd    up       n/a 


Example 5-16. r1 Interface Statistics 



r1#show interfaces
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705)
Description: r1e0 to hosta and hostb
Internet address is 192.168.5.17/28
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:10, output 00:00:01, output hang never
Last clearing of "show interface" counters 1d03h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
8201 packets input, 1586890 bytes, 0 no buffer
Received 7778 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
33932 packets output, 2793718 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Ethernet1 is up, line protocol is up
Hardware is Lance, address is 0000.0c8d.6706 (bia 0000.0c8d.6706)
Description: r1e1 to r2e0
Internet address is 192.168.5.33/28
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:04, output hang never
Last clearing of "show interface" counters 1d03h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
23310 packets input, 2098244 bytes, 0 no buffer
Received 23260 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
33572 packets output, 2717907 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 1 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0 is up, line protocol is up
Hardware is HD64570
Description: r1s0 to r5s0
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:03, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d03h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
33112 packets input, 2054389 bytes, 0 no buffer
Received 11686 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33165 packets output, 2058532 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial1 is up, line protocol is up
Hardware is HD64570
Description: r1s1 to r3s0/0
Internet address is 192.168.5.81/28
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:03, output 00:00:03, output hang never
Last clearing of "show interface" counters 1d03h
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/2/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
33646 packets input, 2123261 bytes, 0 no buffer
Received 11701 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33764 packets output, 2105641 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up


Example 5-17. IP Interface Defaults and Settings


r1#show ip interface
Ethernet0 is up, line protocol is up
Internet address is 192.168.5.17/28 


Broadcast address is 255.255.255.255 


Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 


Directed broadcast forwarding is disabled 


Multicast reserved groups joined: 224.0.0.10 
Outgoing access list is not set 

Inbound access list is not set 

Proxy ARP is enabled 

Security level is default 

Split horizon is enabled 

ICMP redirects are always sent 

ICMP unreachables are always sent 

ICMP mask replies are never sent 

IP fast switching is enabled 

IP fast switching on the same interface is disabled 


IP Fast switching turbo vector 


IP multicast fast switching is enabled 
IP multicast distributed fast switching is disabled 
IP route-cache flags are Fast 
Router Discovery is disabled 
IP output packet accounting is disabled 
IP access violation accounting is disabled 
TCP/IP header compression is disabled 
RTP/IP header compression is disabled 
Probe proxy name replies are disabled 
Policy routing is disabled 
Network address translation is disabled 
Web Cache Redirect is disabled 
BGP Policy Mapping is disabled 

Ethernet1 is up, line protocol is up
Internet address is 192.168.5.33/28
Broadcast address is 255.255.255.255
Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 
Directed broadcast forwarding is disabled 
Multicast reserved groups joined: 224.0.0.10 
Outgoing access list is not set 
Inbound access list is not set 
Proxy ARP is enabled 
Security level is default 
Split horizon is enabled 
ICMP redirects are always sent 


ICMP unreachables are always sent 


ICMP mask replies are never sent 
IP fast switching is enabled 
IP fast switching on the same interface is disabled 
IP Fast switching turbo vector 
IP multicast fast switching is enabled 
IP multicast distributed fast switching is disabled 
IP route-cache flags are Fast 
Router Discovery is disabled 
IP output packet accounting is disabled 
IP access violation accounting is disabled 
TCP/IP header compression is disabled 
RTP/IP header compression is disabled 
Probe proxy name replies are disabled 
Policy routing is disabled 
Network address translation is disabled 
Web Cache Redirect is disabled 
BGP Policy Mapping is disabled 
Serial0 is up, line protocol is up
Internet address is 10.1.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 
Directed broadcast forwarding is disabled 
Multicast reserved groups joined: 224.0.0.10 
Outgoing access list is not set 
Inbound access list is not set 


Proxy ARP is enabled 


Security level is default 
Split horizon is enabled 
ICMP redirects are always sent 
ICMP unreachables are always sent 
ICMP mask replies are never sent 
IP fast switching is enabled 
IP fast switching on the same interface is enabled 
IP Fast switching turbo vector 
IP multicast fast switching is disabled 
IP multicast distributed fast switching is disabled 
IP route-cache flags are Fast 
Router Discovery is disabled 
IP output packet accounting is disabled 
IP access violation accounting is disabled 
TCP/IP header compression is disabled 
RTP/IP header compression is disabled 
Probe proxy name replies are disabled 
Policy routing is disabled 
Network address translation is disabled 
Web Cache Redirect is disabled 
BGP Policy Mapping is disabled 

Serial1 is up, line protocol is up
Internet address is 192.168.5.81/28
Broadcast address is 255.255.255.255
Address determined by setup command 
MTU is 1500 bytes 
Helper address is not set 


Directed broadcast forwarding is disabled 


Multicast reserved groups joined: 224.0.0.10 
Outgoing access list is not set 

Inbound access list is not set 

Proxy ARP is enabled 

Security level is default 

Split horizon is enabled 

ICMP redirects are always sent 

ICMP unreachables are always sent 

ICMP mask replies are never sent 

IP fast switching is enabled 

IP fast switching on the same interface is enabled 
IP Fast switching turbo vector 

IP multicast fast switching is enabled 

IP multicast distributed fast switching is disabled 
IP route-cache flags are Fast 

Router Discovery is disabled 

IP output packet accounting is disabled 

IP access violation accounting is disabled 
TCP/IP header compression is disabled 

RTP/IP header compression is disabled 

Probe proxy name replies are disabled 

Policy routing is disabled 

Network address translation is disabled 

Web Cache Redirect is disabled 


BGP Policy Mapping is disabled 


Example 5-18. IPX Interface Ethernet 0 Statistics

r1#show ipx interface ethernet 0
Ethernet0 is up, line protocol is up
IPX address is 516.0000.0c8d.6705, SAP [up]
Delay of this IPX network, in ticks is 1 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 60 seconds
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds aging multiples RIP: 3 SAP: 3
SAP interpacket delay is 55 ms, maximum size is 480 bytes
RIP interpacket delay is 55 ms, maximum size is 432 bytes
RIP response delay is not set
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 1659, RIP packets sent 3977
SAP packets received 1653, SAP packets sent 1


Example 5-19. r1 Protocol Commands

r1#show protocols
Global values:
  Internet Protocol routing is enabled
  IPX routing is enabled
Ethernet0 is up, line protocol is up
  Internet address is 192.168.5.17/28
  IPX address is 516.0000.0c8d.6705
Ethernet1 is up, line protocol is up
  Internet address is 192.168.5.33/28
Serial0 is up, line protocol is up
  Internet address is 10.1.1.1/24
Serial1 is up, line protocol is up
  Internet address is 192.168.5.81/28
r1#show ip protocols
Routing Protocol is "eigrp 500"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 500
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  Automatic network summarization is not in effect
  Routing for Networks:
    10.0.0.0
    192.168.5.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    (this router)          5      1d03h
    10.1.1.2              90      05:21:22
    192.168.5.82          90      05:21:24
    192.168.5.34          90      05:21:25
  Distance: internal 90 external 170


Example 5-20. Access Lists 


r1#show access-lists
r1#show ip access-lists
r1#show ipx access-lists
r1#


As you can see, the commands presented in Table 5-3 are helpful to compile the documentation pr
in Figure 5-2. You should be feeling much better about the importance of documentation. Pictures and
tables help capture lots of useful information that saves you a great deal of time when it comes to
troubleshooting. This makes it easy to spot any inconsistencies. In the practical environment, I would
much rather do more work up front rather than when people are waiting for me to fix something.


Figure 5-2. r1 Documentation

[Figure: r1 documentation worksheet recording hostname, model, IOS version and filename, RAM, Flash, configuration register, routing protocols, redistribution, interface addresses, and other notes on hosta, hostb, and the gwise NetWare server.]


NOTE 


Although I have provided documentation only for r1, you should now repeat this for every device
in your lab. Use the r1 worksheet in Figure 5-2 as a template. If you are using higher end
routers/switches for your lab, add modules and slots to your documentation. I cover that more in
Chapter 6, "Shooting Trouble with CatOS and IOS," and Chapter 7, "Shooting Trouble with VLANs
on Routers and Switches."


Now that the existing Ethernet scenario is documented, I briefly discuss Ethernet and then cover Ethernet
Data Link and Physical Layer troubleshooting targets in more detail.


A Brief Summary of Ethernet 


Ethernet dates back to the late 1960s, when Norman Abramson designed the University of 
Hawaii's Aloha radio network. It connected the IBM mainframe on the island of Oahu to the other
islands and ships at sea. 


Bob Metcalfe was working for Xerox Corporation's Palo Alto Research Center (PARC) in the early 
1970s. He stumbled across the earlier work of Abramson during his task to connect the ALTO 
(first PC with a graphical user interface) to ARPANET. The Alto Aloha Network first ran in 1973, 
and Bob Metcalfe talked about the physical medium as ether. The original Ethernet bandwidth 
was 2.94 Mbps. 


NOTE 


View the first Ethernet drawing and investigate more extensive details about Ethernet
at www.ethermanage.com/ethernet/ethernet.html.


Today, Ethernet works over various speeds (10, 100, 1000, and 10,000 Mbps) and over a 
multitude of media types such as coax, twisted pair, fiber, and wireless. 


10-Mbps Ethernet 


The 2.94-Mbps Xerox Ethernet set the stage for Institute of Electrical and Electronic Engineers 
(IEEE) and Digital Intel Xerox (DIX) Ethernet. In 1980 Xerox along with Digital and Intel 
published DIX Ethernet version 1. This same consortium published DIX version 2 (Ethernet II) 
around 1982. Before the final standards were in place, Metcalfe was off in another 
entrepreneurial venture helping 3Com productize Ethernet with Ethernet NICs and other devices. 


About the same time the DIX specs were published, the IEEE 802 project formed. According to
grouper.ieee.org/groups/802/overview2000.pdf, the first meeting of the IEEE local network
standards committee was in February 1980. This is certainly an easy way to remember the 802
standards (1980, February). The IEEE 802.3 CSMA/CD Ethernet standard was first published in
1985. By the late 1980s, Ethernet gained international recognition by the ISO through standard
IS88023.


NOTE 


The IEEE 802 standards are available for free download at
standards.ieee.org/getieee802/.


The 10-Mbps Ethernet standards are categorized as follows: 


• 10BASE5
• 10BASE2
• 10BASE-T
• 10BASE-FL
• 10BASE-FB
• 10BASE-FP


The majority of Ethernet networks use baseband signaling as in 10BASE5, which means that all
stations share the same frequency channel. A broadband network is more like cable TV where
different services communicate across different channels (frequencies). Think of band as a range
of frequencies. In sharing the band, one can take turns using the entire band (baseband/time-division
multiplexing [TDM]) or divide the band into multiple frequency channels
(broadband/frequency-division multiplexing [FDM]). With baseband, for instance, there are time
slots for data, voice, and video. With broadband, however, data, voice, and video are more
simultaneous. Each one runs at a different frequency, which means that all stations utilize a
shared limited frequency range.


NOTE 


Beginning in 1983, Novell developed its own proprietary Ethernet frame type to run 
over thick and thin coax; they completed its development in 1985. This was prior to 
the IEEE 802.3 specification. 


Both DIX Ethernet and IEEE Ethernet are broadcast-based logical bus networks that use carrier
sense multiple access with collision detection (CSMA/CD) as a method of taking turns on the 
wire. The CSMA/CD access method says that Ethernet is a shared media access method where 
all stations see all frames and take turns using the media. Even Token Ring and FDDI are shared 
media access methods, but the method for taking turns is not contention-based. 


CSMA/CD is like taking turns talking on a conference call or at a meeting. Take a look at
the following list. Everyone is listening (CS), but no one is talking. Now multiple people talk
at once (MA). However, you really can't understand each other (CD), so you wait a random
amount of time and try again:

• Carrier sense (CS) — Listen before you talk.
• Multiple access (MA) — If there are simultaneous transmissions, a collision occurs.
• Collision detection (CD) — Both stations must back off and wait a random period of time.


The Data Link Layer combines bits into bytes and bytes into frames. Ethernet is canonical on the 
wire. The preamble is sent out to indicate that Ethernet is coming. Although not all protocol 
analyzers display it for you, the preamble is the first 8 bytes, which end in two consecutive ones, 
of the frame. A collision occurs only after the preamble has been sent. The first host to detect the 
additional voltage on the wire that indicates multiple hosts attempting simultaneous 
communication issues a jam signal. All hosts on the collision domain now know that a collision 
has occurred. Retransmission randomly occurs up to 15 times per the CSMA/CD specifications. 


After 30 percent to 40 percent utilization, collisions rise exponentially with shared Ethernet. The 
more people taking turns to use the same wire, the more contention and competition, and 
therefore collisions occur more often. The "Ethernet Frames" section provides more detail. 


NOTE 


Distance matters with collisions. It takes an electrical signal 51.2 microseconds to be 
carried from one end of a cable segment to the other using the maximum distance for 
the medium (100 meters [m] on twisted pair, 185 m on coax, 500 m on thick 
Ethernet). During that same time period, the sending station will have put up to 64 
bytes of information on the line before the first bit reaches the other end. That's why 
collisions can be up to 64 bytes and still be okay, and that's why distance matters, and 
that's where you'll get late collisions in longer (out-of-specification) cable runs. 


Although Ethernet has no flex time, you can scale it across 10-Mbps, 100-Mbps, and 1000-Mbps 
architectures, especially if you understand the bottlenecks. You must deal with three elements: 
the physical medium, the access method, and the frame type. For example, is the problem a too 
busy server, a shared-medium hub, an ill-performing NIC, or are there just too many users or 
too much broadcast-based traffic on a segment? 


Ethernet is scalable. You can segment it while preserving the existing infrastructure. It includes 
multivendor support, and the old and the new work well together. Bridges and switches have 
drastically increased its life span, probably much longer than Metcalfe ever dreamed.


Bridges started as two-port devices to interconnect LANs. Switches are a marketing term for
bridges as a way to boost LAN performance. Switches (or even crossover cables) allow for full- 
duplex communications over 10/100/1000/10,000-Mbps Ethernet where a device can transmit 
and receive simultaneously. No collisions occur in full-duplex Ethernet. Conversely, to be full- 
duplex, you must be a point-to-point link. For more details on switches and duplex 
communications, refer to Chapter 6; the entire chapter is dedicated to Ethernet switches. 
Regardless of the Ethernet speed, for specific trouble targets see the section "Shooting Trouble 
with Ethernet" later in this chapter. For now, look at 100-Mbps Ethernet, which has been and is 
still gaining more popularity at Cisco's Access Layer (where the users are). 


100-Mbps Ethernet 


Originally two approaches were presented when the IEEE first began work on Fast Ethernet 
standards. 100BASE-X (Fast Ethernet) was first proposed by Grand Junction Networks to the
IEEE in 1992. In 1993, the first full-duplex EtherSwitch came to market from Kalpana.
Crescendo Communications presented switching hubs with high-speed FDDI and Ethernet ports. 
HP and AT&T approached IEEE 802.3 with an entirely new medium access control mechanism 
where priority was built in to the hubs first for Ethernet and later for Token Ring, too. Because of 
the two approaches, 100-Mbps standards wars began occurring in the early 1990s. Therefore, a 
group of cooperative vendors agreeing to keep a technical focus formed the Fast Ethernet 
Alliance group to alleviate the standards wars. 


HP and AT&T's joint venture, 100VG-AnyLAN, ended up as IEEE 802.12 Demand Priority Access
Method, which was abandoned in 1994. In October 1993, 100BASE-X, known today as 100BASE-TX,
was published. March 1995 marked the approval of IEEE 802.3u, and the alliance group
disbanded. 


Fast Ethernet brought about the quick adoption of dual-speed 10/100 NICs for easy migration
paths. 100BASE-T is really just a generic name for the early 100-Mbps standards; however, it is
probably the most often used term when people (including myself) really mean 100BASE-TX.
100BASE-X is a generic name that uses X as a variable for 100-Mbps using 4B/5B encoding (for
instance, the existing FDDI standard). The 100-Mbps standards are categorized as follows:


• 100BASE-TX
• 100BASE-FX
• 100BASE-T4
• 100BASE-T2


FDDI was already in full swing when 100-Mbps Ethernet was developed. The benefits gained
included a variation of the existing nonreturn to zero, invert on one (NRZI) transmission
method. 100BASE-TX uses NRZI-3 or multiple level transition (MLT-3), in which bits are encoded
as transitions (as in NRZI and the Ethernet Manchester encoding scheme).


100-Mbps Ethernet is 10-Mbps Ethernet times 10 with a few exceptions. It retains the same 10- 
Mbps Ethernet MAC header except for the interframe gap (IFG), which goes from 9.6 
microseconds to .96 microseconds. The round-trip propagation delay in 1 collision domain must 
not exceed 5.12 microseconds, which is the time it takes a sender to transmit 512 bits on 100- 
Mbps Ethernet. Distance limitations and shared devices are among the differences. In particular, 
two types of repeaters are defined in the 100BASE-T specifications:

• Class I repeaters allow only one repeater hop and have a latency of .7 microseconds or
less.
• Class II repeaters allow one or two repeater hops and have a latency of .46 microseconds
or less.


Repeater hops have varied somewhat over the years according to the manufacturer, but you can 
relate any variation back to the 10-Mbps 5-4-3 rule of 5 segments connected by 4 repeaters; 
where 3 segments are populated with nodes, 2 segments act as inter-repeater links (IRLs), but 
there is still only 1 collision/broadcast domain. 


Ethernet continues to evolve to assist with bottlenecks not only at the Access and Distribution 
Layers but also into the Core. Next in the evolution is 1000-Mbps Ethernet, which is more often 
referred to as Gigabit Ethernet. 


1000-Mbps Ethernet 


Gigabit Ethernet significantly leverages off of some of the existing key components from IEEE
802.3 Ethernet and ANSI X3T11 FibreChannel. Cisco helped to lead the Gigabit Alliance Group 
since its inception in March 1996. A big enhancement includes a change to the MAC layer 
standards to support higher-speed networks. The frame size was not changed, but a carrier 
extension was added to the Gigabit Ethernet chipset so that the sender sends for a longer period 
of time to support a larger topology. So with 10, 100, and 1000-Mbps Ethernet, the minimum 
frame size is equal to the network maximum round-trip propagation delay, which is 512 bits (64 
bytes). This is equal to the slot time in 10 and 100-Mbps networks, but the slot time now 
increases to 4096 bit times or 512 bytes. Short frames are automatically extended to one slot 
time in length. This may not sound so delightful from a troubleshooting standpoint, but the IEEE
802.3z standards let a user send multiple frames without contending again for use of the
bandwidth. A good example of this new bursting feature is Voice over IP (VoIP).


Cisco supports 10/100/1000/10,000 Ethernet in its vast array of products, including the 2900s,
3500s, 4000s, and 6500s. Even though you may have taken advantage of 100-Mbps Ethernet 
technology down to the desktop, you may still have bottlenecks at the wiring closet. This is 
where Gigabit Ethernet can assist. Cisco uses the 1000BASE-T Gigabit Interface Converter 
(GBIC) to provide full-duplex Gigabit Ethernet connectivity to high-end workstations and 
between wiring closets over existing copper infrastructures for their 2900 and 3500 XL 
customers. For more information, review the Cisco online seminar with Bruce Tolley on "Scaling 
Bandwidth with 10 Gigabit Ethernet" or point your browser to 
www.cisco.com/warp/customer/cc/techno/media/lan/gig/tech/gigbt_tc.htm. 


10,000-Mbps Ethernet 


Cisco is also part of the 10 Gigabit Ethernet Alliance, leading the initiative to accelerate 10 
Gigabit Ethernet to the networking community. For example, there are 10 Gigabit Ethernet 
modules available for the 6500 series. Refer to
www.cisco.com/warp/public/cc/techno/media/lan/gig/tech/10gig_sd.htm for more 10 Gigabit
Ethernet details.


10 Gigabit Ethernet provides high bandwidth, scalability, and very high-speed connections 
between buildings and their Point of Presence (POP). It aggregates multiple gigabit segments for 
links between switches and servers or clusters thereof over fiber. 


NOTE 


Dark fiber is unlit fiber that is not currently carrying any traffic. 


The 10 Gigabit Ethernet High Speed Study Group (HSSG) began its initial research in March 
1999, which led to the IEEE forming the 802.3ae 10 Gigabit Ethernet Task Force in March 2000. 
The standard was formally ratified in 2002. For more information go to www.10gea.org. 


Wireless Ethernet 


Cisco, among others, is working hard to future-proof wireless communications. They are 
combining wireless and IP technology to create anytime, anywhere connections to the Internet 
and enterprise networks. Whether in a campus environment or distant mobile location, Cisco's 
high-speed, secure wireless technology enables users to be constantly connected. See 
newsroom.cisco.com/dlls/hd_041702.html for a quick glimpse of Cisco's position on wireless 
technology. 


There are various IEEE wireless standards, including 802.11a and 802.11b. However, the world 
is concerned with the security of wireless Ethernet. Interesting websites on the topic include "The 
Unofficial 802.11 Security Web Page" at www.drizzle.com/~aboba/IEEE/ and "Offsite Wireless,"
at www.offsitewireless.com.


NOTE 


Wireless LANs do not equal Ethernet. They run a completely different data-link scheme, 
and definitely a different Physical Layer scheme. 


Summary of IEEE 802.3 Ethernet Evolution 


Ethernet is not limited to the wired LAN today, for it is found in wireless LANs as well as in long- 
haul optical Ethernet WAN communications. Refer to the IEEE standards for complete details.
Table 5-4 summarizes the information about the evolution of Ethernet presented in this section. 


Table 5-4. IEEE 802.3 Ethernet Evolution

Standard      | IEEE    | Year | Stations per Segment | Segment Length in Meters | Medium
10BASE-5      | 802.3   | 1983 | 100     | 500  | 50 ohm coax thicknet
10BASE-2      | 802.3a  | 1985 | 30      | 185  | 50 ohm coax thinnet
10Broad-36    | 802.3b  | 1985 | 100     | 1800 | 75 ohm coax, 3 channels each direction
FOIRL         | 802.3d  | 1987 | 2 hubs  | 1000 | Fiber
1BASE-5       | 802.3e  | 1987 | 12/hub  | 250  | 2 pair Category 3 StarLAN

10BASE-X Ethernet
10BASE-T      | 802.3i  | 1990 | 12/hub  | 100  | 2 pair Category 3 or better UTP[*]
10BASE-F      | 802.3j  | 1993 | 2 hubs  | 400 MMF[*] half-duplex; 2000 MMF full-duplex; 10k SMF[*] | 2 strands MMF; SMF

100BASE-X Fast Ethernet
100BASE-TX    | 802.3u  | 1995 | 1024    | 100  | 2 pair Category 5
100BASE-FX    | 802.3u  | 1995 |         | 2000 | 2 strands MMF
100BASE-T4    | 802.3u  | 1995 | 1024    | 100  | 4 pair Category 3 or better
100BASE-X T2  | 802.3x  | 1997 | 1024    | 100  | 2 pair Category 3 or better

1000BASE-X Gigabit Ethernet
1000BASE-CX   | 802.3z  | 1998 |         | 25   | 2 pair STP[*]
1000BASE-SX   | 802.3z  | 1998 |         | 550  | 2 strands MMF
1000BASE-LX   | 802.3z  | 1998 |         | 550 MMF; 10k SMF | 2 strands MMF; SMF
1000BASE-T    | 802.3ab | 1999 |         | 100  | 4 pair Category 5
10GE          | 802.3ae | 2002 |         | 300 MMF; 40+k SMF |

[*] UTP = Unshielded twisted-pair
[*] MMF = Multimode fiber
[*] SMF = Single-mode fiber
[*] STP = Shielded twisted-pair


As you can see, Ethernet is everywhere. Refer to the Cisco.com Products and Technologies 
pages, IEEE sites, and Charles Spurgeon's website for the constantly updated detailed 
explanations of Ethernet from Aloha to today, including known problems, steps to help you 
correct them, and tools to assist. Now that you have experienced the Ethernet evolution, the 
next section covers Ethernet frame formats in more detail. 


Ethernet Frames 


In Chapter 1, "Shooting Trouble," you learned that the protocol data unit (PDU) for Layer 2 is
frames. Frames refer to the entire message from Layer 2 to Layer 7. Control bits mark the 
beginning and end of frames just as picture frames mark the edges of a picture. Because you are 
already familiar with how Layer 2 allows different devices to take turns on the media (media 
access control), and how the network works (logical topologies), now I want you to look at how
Ethernet data is actually packaged at Layer 2. In particular, compare DIX Ethernet to IEEE 
Ethernet, including the various Layer 2 headers in Figure 5-3. 


Figure 5-3. Ethernet Frame Formats

[Figure: frame layouts. Labels legible in the image:
IEEE 802.3 RAW (Novell 802.3)
PRE, DA, EtherType, DATA, FCS
IEEE 802.3 Ethernet with 802.2 (LLC) SAP Header: PRE, DA, SA, Length, DATA, LLC Header
IEEE 802.3 Ethernet with SNAP Header: PRE, DA, SA, Length, DATA, SNAP Header, LLC Header]


Use Figure 5-3 and the Figure 5-4 flowchart as a guide to walk through the Ethernet frames and
their headers in the following subsections. Verify the Ethernet frame format details and how the 
data links change but the upper-layer data remains the same from end to end. 


Figure 5-4. Ethernet Frames 
Ethernet II (DIX Ethernet) Frame Format


Figure 5-5 displays Ethernet II (DIX Ethernet) details. 


Figure 5-5. Ethernet II (DIX Ethernet)

[Figure: Ethernet II (DIX Ethernet) frame format. Field widths legible in the image: 8 bytes, 6 bytes, 46-1500 bytes.]


Figure 5-5 shows the following fields: 


• Preamble (PRE)— Indicates the start of an Ethernet frame, but is not counted as part
of the 14-byte frame header.
• Destination address (DA)— Unicast, multicast, or broadcast.
• Source address (SA)— Always unicast.
• EtherType— Identifies the encapsulated Layer 3 protocol (see Figure 5-7).
• Data— Varies. A 14-byte header + 4-byte trailer cyclical redundancy check (CRC) = 18
bytes. The 46 data bytes + 18 header bytes = 64 bytes. The IEEE 802.3 specification includes
a requirement to pad the data to the 46-byte requirement, but the Ethernet specification
really doesn't.
• Frame check sequence (FCS)— A 4-byte error detection CRC created by the sender and
recalculated by the receiver to check for transit damage. The 1500 data bytes + 14 header
bytes = 1514 bytes, or with the FCS (CRC) 1518 bytes.


NOTE 


Anything below the minimum of 64 bytes is considered a runt. Anything above the 
maximum of 1518 is considered a giant. See the "Shooting Trouble with Ethernet" 
section for more on runts and giants. 


Figure 5-6 displays a protocol analyzer trace of an Ethernet II ARP frame. Frame 221 in the
Summary pane clearly displays the source address, destination address, summary, and timing
summary. The DLC header displays the destination address as broadcast or all FFFFs, the source
address as the MAC address of hosta (unicast), and the EtherType of 0x0806, which Sniffer
informs you is ARP. Follow through the ARP/Reverse Address Resolution Protocol (RARP) frame
to see that an IP Layer 3 address is contained in the message as indicated by protocol type
0x0800. Refer to the Ethernet Frame Types helper chart in Figure 5-4 to help identify the frame
as an Ethernet II/DIX frame format just because an EtherType is present. Actually the 0x0800
and 0x0806 EtherType values are both greater than 0x05dc or 1500 bytes decimal, which is the
allowed length for an 802.3 frame. Use your scientific calculator to perform the math.


Figure 5-6. Ethernet II ARP Frame 


[Protocol analyzer screenshot; the Summary pane is labeled.] 


Figure 5-7 displays another example of Ethernet II that displays the EtherType for IP. This is 
how the Data Link Layer hands off to the next-layer protocol. 


Figure 5-7. Ethernet II IP Frame 


[Protocol analyzer screenshot.] 


In both Figure 5-6 and Figure 5-7, you identify the frame type by looking at the 2-byte 
EtherType field in the DLC header. The value of the EtherType indicates the next-layer protocol 
to hand off to. Look up www.cavebear.com/CaveBear/Ethernet/type.html as in Figure 5-8 or 
http://standards.ieee.org/regauth/ethertype/type-pub.html for more EtherTypes. Cavebear also 
has a fairly comprehensive list of Ethernet vendor codes and multicast addresses (which are 
discussed in more detail in the "Ethernet Addressing" section later in this chapter). 


Figure 5-8. EtherTypes 


NOTE 


The maximum packet length for Ethernet is 1500 bytes. If the length field is less than 
or equal to 1500 (0x5dc, where 0x designates hex) bytes, the frame format is IEEE 
802.3 Ethernet. If the length field is not a valid length (greater than 1500), a type field 
is used and the frame type is Ethernet II. The value of the type field further defines the 
Layer 3 protocol, such as 0x800 for IP or 0x8137/0x8138 for IPX. Excluding the 
preamble, bytes 13 and 14 are the determining bytes. 


IEEE 802.3 Ethernet Frame Format with Raw (Novell 802.3) Header 


Now look at the detailed Sniffer frame format for IEEE 802.3 Raw in Figure 5-9. Remember that 
IEEE 802.3 Ethernet uses a valid length field (<= 1500 bytes) rather than the EtherType field. 


Figure 5-9. IEEE 802.3 RAW (Novell 802.3) 


Identify the following fields in a protocol analyzer trace such as the one in Figure 5-10: 


• Preamble— Indicates the start of an Ethernet frame, but really not counted as part of the 
14-byte frame header. 

• Destination address— Unicast, multicast, or broadcast. 

• Source address— Always unicast. 

• Length— Valid length field (<= 1500 bytes or 0x05dc). 

• Data— Varies. A 14-byte header + 4 byte trailer (CRC) = 18 bytes. The 46 data bytes + 18 
byte header = 64 bytes. IEEE 802.3 specification includes requirement to pad the data to 
the 46-byte requirement, but the Ethernet specification really doesn't. 

• Frame check sequence— A 4-byte error detection CRC created by the sender and 
recalculated by the receiver to check for transit damage. The 1500 data bytes + 14 bytes = 
1514 bytes, or with the FCS 1518 bytes. 


Figure 5-10. IEEE 802.3 RAW (Novell 802.3) 


Figure 5-10 displays an example of an IEEE 802.3 Ethernet frame. Frame 65 that is highlighted 
in the Summary pane clearly displays the source address, destination address, summary, and 
timing summary for an IPX ping packet. It is equivalent to the details in the DLC header of the 
Detail pane. The destination and source addresses are both unicast, as you can verify in the Hex 
pane at the bottom. Follow through the IPX header to see that the checksum is 0xFFFF, which 
means that it is not used; this is what you should expect for the Ethernet RAW format. Refer to 
the Ethernet Frame Types helper chart in Figure 5-3 to see that an EtherType is not present, and 
the frame does not have an LLC header; you can identify it as IEEE 802.3 RAW. 


IEEE 802.3 Ethernet Frame Format with 802.2 SAP Header 


Other header types used with the IEEE 802.3 frame format include SAP and SNAP. Figure 5-11 
illustrates the IEEE 802.3 Frame Format with an 802.2 (Logical Link Control, LLC) SAP header. 


Figure 5-11. IEEE 802.3 Ethernet with 802.2 SAP header 


[Figure: IEEE 802.3 Ethernet with 802.2 (LLC) SAP Header. Labeled fields include Length, DATA, 
and LLC Header.] 


Refer to the preceding subsection for an explanation of the individual fields in the header. The 
only difference here is that part of the data field is borrowed for the LLC header, which uses 
Service Access Points (SAPs) to point up to the Layer 3 protocols (see Figure 5-12). 


Figure 5-12. IEEE 802.3 Ethernet with 802.2 SAP Header 


NOTE 


Remember that IEEE SAPs differ from the Novell SAPs discussed in the preceding 
chapter. IEEE 802.3 with a SAP header uses 802.2 LLC SAPs to point to the Layer 3 
protocol. 


Figure 5-12 illustrates a protocol analyzer trace of an IPX ping using Novell's 802.2 frame type 
(Cisco's SAP encapsulation), whereas the preceding example used Novell's 802.3 (Cisco's Novell- 
Ether encapsulation) frame format. The DSAP and SSAP of e0 in the LLC header point to IPX at 
Layer 3. If they were 06 instead of e0, they would link to IP (see Figure 5-13). For more DSAP 
(destination) and SSAP (source) values, go to www.cisco.com/warp/public/473/111 12.html. 


Figure 5-13. IEEE SAPs 


IEEE 802.3 Ethernet Frame Format with SNAP Header 


The final Ethernet frame in Figure 5-14 is an IEEE 802.3 frame with a SNAP header. In addition 
to the 802.3 Data Link header and the 802.2 LLC header, it contains a SNAP header. 


Figure 5-14. IEEE 802.3 Ethernet with SNAP header 


[Figure: IEEE 802.3 Ethernet with SNAP Header. Labeled fields include Length, DATA, SNAP Header, 
and LLC Header.] 


Figure 5-15 illustrates a protocol analyzer trace of CDP as an example of the IEEE 802.3 frame 
with a SNAP header. Marked frame number 1 illustrates DLC, LLC, SNAP, and CDP headers. 


Figure 5-15. IEEE 802.3 Ethernet with SNAP Header 


The DLC destination address is multicast address 01000ccccccc, which is reserved for CDP. The 
DSAP and SSAP of the LLC header are both AA, which indicates that a SNAP header follows as 
shown. Note the vendor ID of Ciscol and the SNAP Type of 2000 for CDP. (In the Hex/ASCII 
window at the bottom, locate the corresponding bytes.) SNAP is like putting the type field back 
in for various vendors! In point of fact, additional data bytes are borrowed to give more room for 
proprietary protocols. 


NOTE 


Because 00000C is an Organizationally Unique Identifier (OUI) reserved to Cisco, 
01000Cxxxxxx is the range of multicast addresses also reserved to Cisco. Just as each 
vendor is responsible for suballocating the lower 3 bytes for unicast source addresses, 
vendors can do as they want with proprietary multicast MACs. 


To summarize, the Ethernet frame format rules concentrate on the 2-byte type/length field (bytes 
13 and 14 excluding the preamble). If these 2 bytes are >= 0x05dc, it is Ethernet II (DIX). If 
they are <= 0x05dc and are followed by FF FF with no LLC header, it is Novell's 802.3 RAW. If 
they are <= 0x05dc and are followed by AA AA, it is IEEE 802.3 with SAP (LLC) 802.2 and SNAP 
headers. If they are <= 0x05dc but are not followed by AA AA or FF FF, it is an IEEE 802.3 
frame with a SAP (LLC) 802.2 header. 
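

The summary rules above, written as a small classifier. This is an added example, not code from the book: the function names, the lookup tables (limited to values named in this section), and the sample frames are constructed for illustration. It follows the NOTE's rule that a value of 1500 or less in bytes 13 and 14 is a length, and it also applies the runt and giant limits.

```python
import struct

MAX_LENGTH = 0x05DC  # 1500: values up to this are a length, larger ones a type
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "IPX", 0x8138: "IPX"}
SAPS = {0xE0: "IPX", 0x06: "IP"}          # DSAP/SSAP values named in the text
SNAP_TYPES = {("00000c", 0x2000): "CDP"}  # Cisco OUI + SNAP type from the CDP trace


def classify_frame(frame: bytes) -> dict:
    """Classify a captured frame (preamble and 4-byte FCS not included)."""
    if len(frame) < 14:
        raise ValueError("need at least the 14-byte DLC header")
    dst, src = frame[:6], frame[6:12]
    type_len = struct.unpack("!H", frame[12:14])[0]  # bytes 13 and 14
    payload = frame[14:]
    wire_size = len(frame) + 4  # size on the wire includes the FCS
    result = {
        "dst": dst.hex(),
        "src": src.hex(),
        "dst_multicast": bool(dst[0] & 0x01),  # true for broadcast as well
        "size": "runt" if wire_size < 64 else "giant" if wire_size > 1518 else "ok",
        "l3": None,
        "notes": [],
    }
    if src[0] & 0x01:
        result["notes"].append("source address is not unicast")

    if type_len > MAX_LENGTH:
        result["format"] = "Ethernet II (DIX)"
        result["l3"] = ETHERTYPES.get(type_len, f"EtherType 0x{type_len:04x}")
        return result

    # From here on, bytes 13-14 are a length and the next bytes decide the format.
    if type_len > len(payload):
        result["notes"].append("length field exceeds captured data")
    if payload[:2] == b"\xff\xff":
        result["format"] = "IEEE 802.3 RAW (Novell 802.3)"
        result["l3"] = "IPX"
    elif payload[:2] == b"\xaa\xaa":
        result["format"] = "IEEE 802.3 with 802.2 LLC and SNAP"
        if len(payload) >= 8:
            oui = payload[3:6].hex()
            snap_type = struct.unpack("!H", payload[6:8])[0]
            result["snap_oui"], result["snap_type"] = oui, snap_type
            result["l3"] = SNAP_TYPES.get(
                (oui, snap_type), f"SNAP type 0x{snap_type:04x}")
        else:
            result["notes"].append("SNAP header truncated")
    elif len(payload) >= 2:
        result["format"] = "IEEE 802.3 with 802.2 LLC (SAP)"
        result["dsap"], result["ssap"] = payload[0], payload[1]
        result["l3"] = SAPS.get(payload[0], f"DSAP 0x{payload[0]:02x}")
    else:
        result["format"] = "IEEE 802.3 (no data to inspect)"
    return result


def build_frame(dst: str, src: str, type_len: int, payload: bytes) -> bytes:
    """Constructed test frame: DLC header plus data padded to 46 bytes."""
    data = payload.ljust(46, b"\x00")
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", type_len) + data


# Constructed sample frames (addresses and payload bytes are illustrative).
SAMPLES = {
    "arp": build_frame("ffffffffffff", "00105a000001", 0x0806, bytes(28)),
    "ipx_raw": build_frame("00105a000002", "00105a000001", 30,
                           b"\xff\xff" + bytes(28)),
    "ipx_sap": build_frame("00105a000002", "00105a000001", 33,
                           b"\xe0\xe0\x03\xff\xff" + bytes(28)),
    "cdp": build_frame("01000ccccccc", "00000c8d6705", 28,
                       bytes.fromhex("aaaa0300000c2000") + bytes(20)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        info = classify_frame(frame)
        print(f"{name:8} {info['format']:36} L3={info['l3']} size={info['size']}")
```
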


Encapsulation (frame format) is a likely troubleshooting target on your data links regardless of 
whether you are using Ethernet, Token Ring, FDDI, High-Level Data Link Control (HDLC), PPP, 
Frame Relay, ATM, or something else. Although this section has primarily discussed Ethernet 
frame formats, you can find the other formats at Cisco.com or you can purchase detailed 
protocol reference guides from sites such as 
www.hollisterassociates.com/protocol reference guides.htm. Another important Layer 2 
troubleshooting topic is addressing. 


Ethernet Addressing 


At the Data Link Layer, Ethernet, Token Ring and FDDI all share the same addressing format of 
48 bits. This, as many other things in networking, came from Xerox PARC, but is now 
administered by the IEEE. Think of this like a social security number and a name. I am certain 
there is another Donna Harrington in the world, but we do not share the same social security 
number. I don't think I'll capture my social security number for you in Sniffer just in case. 
Figure 5-16 illustrates some examples of vendor codes. It is not my intent to make any snide 
vendor remarks in the case of duplicate addresses because even the well-known manufacturers 
have made mistakes. Take a look at Example 5-21 or one of your previous show interfaces 
command outputs to see that there is room for duplication on your part, too. 


Example 5-21. Burned in Address (BIA) 


r1#show interfaces ethernet 0 
Ethernet0 is up, line protocol is up 
  Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705) 
  Description: r1e0 to hosta and hostb 
  Internet address is 192.168.5.17/28 


Figure 5-16. Ethernet Vendor Codes 


Example 5-21 shows the address and burned-in-address (BIA) to be one and the same. 
However, someone can use the mac-address [new mac address] command to change this on 
the interface. Obviously, this should be done with care because interfaces on the same LAN 
sharing the same MAC will not function properly. Perhaps you will get an opportunity to 
experience that sooner than you think. The format for the new MAC address is xxxx.xxxx.xxxx. 
However, MAC addresses are commonly displayed with dashes, spaces, or dots for readability, 
as follows: 


• xx-xx-xx-xx-xx-xx 
• xx xx xx xx xx xx 
• xxxx.xxxx.xxxx 


Certain addresses are reserved for multicast purposes. Notice that the last bit of the first byte is 
set to 1 for the examples presented in Figure 5-17. This is actually the first bit of the 48-bit 
address as it is serially transmitted onto the medium. The bytes are sent left-to-right, but within 
each byte the bits are sent right-to-left. This is referred to as canonical order, as illustrated back 
in Chapter 1, "Shooting Trouble." 
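

The address formats, the multicast bit, and the BIA override described above, as an added example that is not from the book. It normalizes the three display formats, shows the transmission bit order, flags an interface whose active address differs from its BIA, and finds MACs shared by more than one device on a segment. The function names, the interface output, and the host inventory are constructed for illustration.

```python
import re
from collections import defaultdict


def parse_mac(text: str) -> bytes:
    """Accept xx-xx-xx-xx-xx-xx, 'xx xx xx xx xx xx', xxxx.xxxx.xxxx or xx:xx:..."""
    digits = re.sub(r"[-.\s:]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def cisco_format(mac: bytes) -> str:
    """Render as xxxx.xxxx.xxxx, the format the mac-address command expects."""
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def is_multicast(mac: bytes) -> bool:
    """Last bit of the first byte set to 1 means multicast (or broadcast)."""
    return bool(mac[0] & 0x01)


def wire_bits(mac: bytes) -> str:
    """Bits in transmission order: bytes left to right, each byte right to left."""
    return " ".join(f"{b:08b}"[::-1] for b in mac)


IFACE_RE = re.compile(r"^(\S+) is .*line protocol is")
ADDR_RE = re.compile(r"address is (\S+) \(bia (\S+)\)")


def overridden_macs(show_interfaces: str) -> list:
    """Return (interface, active address, BIA) where the two differ."""
    findings, iface = [], None
    for line in show_interfaces.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ADDR_RE.search(line)
        if m and parse_mac(m.group(1)) != parse_mac(m.group(2)):
            findings.append((iface, m.group(1), m.group(2)))
    return findings


def duplicate_macs(inventory: dict) -> dict:
    """Group device names by MAC, whatever notation each was recorded in."""
    seen = defaultdict(list)
    for name, text in inventory.items():
        seen[cisco_format(parse_mac(text))].append(name)
    return {mac: sorted(names) for mac, names in seen.items() if len(names) > 1}


# Constructed sample data: Ethernet0 has had its MAC changed from the BIA.
SHOW_INTERFACES = """\
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0010.5a00.0002 (bia 0000.0c8d.6705)
Ethernet1 is up, line protocol is up
  Hardware is Lance, address is 0000.0c8d.6706 (bia 0000.0c8d.6706)
"""
INVENTORY = {
    "r1e0": "0010.5a00.0002",
    "hosta": "00-10-5A-00-00-01",
    "hostb": "00 10 5a 00 00 02",
}

if __name__ == "__main__":
    cdp = parse_mac("0100.0ccc.cccc")
    print("multicast:", is_multicast(cdp), "wire order:", wire_bits(cdp))
    print("overridden:", overridden_macs(SHOW_INTERFACES))
    print("duplicates:", duplicate_macs(INVENTORY))
```
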


Figure 5-17. Multicast Addresses 


Ethernet at the Physical Layer 


Keep in mind that troubleshooting Ethernet may be a Data Link Layer issue, a Physical Layer 
issue, or both. IEEE 802.3 Ethernet specifies various media types including coax, twisted pair, 
and fiber. From a troubleshooting viewpoint, it is critical to be aware of the specifications for the 
Ethernet media you are deploying. Refer back to Table 5-4 to review the various Ethernet media 
types. For pinout information, refer to Chapter 1, cable vendor sites, and Cisco.com. 


Although not as common anymore, you may have the need to configure the media type on your 
router as in Example 5-22. 


Example 5-22. Media Type Command 


r1(config)#interface ethernet 0 
r1(config-if)#media-type ? 
  10BaseT  Use RJ45 connector 
  AUI      Use AUI connector 

r1(config-if)#end 


Today, media type is primarily autosensed. In the past, you used to have to decide whether you 
wanted to use the AUI or RJ-45 connector and hard code the media type appropriately. Decisions 
like these are also required with 100-Mbps standards. For example, you may need to choose 
between 100BASE-TX for RJ-45 or medium-independent interface (MII). The MII is a 40-pin, 
high-density D-connector that carries various signals to support 10/100-Mbps transceivers that 
use different encoding schemes. The Gigabit MII (GMII) leverages off of the design of the MII to 
allow a gigabit controller to connect 1000BASE-X and 1000BASE-T transceivers. The MII enables 
you to substitute the Layer 1 of your choice. 


Shooting Trouble with Ethernet 


Shooting trouble with Ethernet primarily requires you to deal with the Physical and Data Link 
Layers of the OSI model. I will not change the methodology on you here. Layer 2 depends on 
Layer 1. You will have an opportunity to prove it yourself if you haven't already. 


There are lots of things to check to assist you with narrowing down the possible causes of a 
problem. Suppose, for example, that you can ping a local host but not a remote one. This could 
be a routing or routed protocol issue, but it may in fact be a link problem. Next you could ping 
from a different host or source the ping from a different interface on the router. Perhaps the 
route is fine, the local router is okay, and the links to the destination are fine, too. You can verify 
all that with trace. This may lead you to the segment where the destination host is located. 
Check the interface status to lead you to a Physical Layer or Data Link Layer issue. Perhaps the 
issue is not with the remote router or switch the PC is plugged into at all, but with the host itself. 
You can certainly test this theory by pinging other devices on the segment. Do you have link 
lights on the NIC? Work your way back up the layers on the destination host as it pulls the bits 
off the wire. Network property sheets and the software tools that come with your NIC can help 
you find lower-layer issues such as drivers, media types, speed and duplex settings, MAC 
addresses, frame types, clients, protocols, and so on. Review the quick troubleshooting 
checklists at the beginning of each chapter and use a layered, yet divide-and-conquer approach 
to assist you with checking possible causes of the problem. 


More than half of the battle with supporting users is recognizing what they see compared to 
what you actually need to target. After you have narrowed down the scope of the problem, use 
tools from NIC vendors, troubleshooters from client operating system vendors, Cisco.com, and 
others to search for specifics. For example, www.networkcomputing.com offers an interactive 
site for various main Ethernet symptoms. Perhaps you are the WAN nerd and can pass this off to 
the LAN nerd, but you must admit that you need to be cross-trained enough to know whether it 
is a WAN problem, LAN problem, host problem, or other. 


NOTE 


Don't be insulted by nerd. Remember nerd in this book stands for network emergency 
repair dude (or dudette). 


Speaking of the specifics, use Table 5-5 and Table 5-6 to assist you with spotting Ethernet 
interface issues in the Trouble Tickets and in the practical environment. Keep in mind that 
collisions are normal and expected in a half-duplex shared Ethernet world, but not so expected 
in a point-to-point, full-duplex environment. However, repeated collisions may mean traffic 
issues in a shared environment or that you have duplex issues in a point-to-point environment. 
To know whether you have problems, it helps to understand terms such as the following to get 
started: 


• Wire speed— Actual speed along the cable measured in Mbps. 

• Capacity— Capacity or bandwidth is the maximum possible rate of transmission. For 
Ethernet, it is quantified in bits per second (bps) and in frames per second. The former is 
determined by the clock rate and encoding scheme; the latter is due to the 64-byte 
minimum frame size. Cisco displays bandwidth in Kbps. Delay is inversely proportional to 
bandwidth. Observe the round-trip delay of ping, for example. 

• Utilization— Number of bps successfully transmitted divided by the capacity of the 
medium in bps. Cisco displays utilization in the interface statistics as load, as you can see 
in Table 5-5. 

• Throughput— The rate at which data is transmitted, measured in Mbps. Throughput is 
impacted by the number of devices that attempt to transmit and how often they do so, 
because this will increase the likelihood of collisions, necessitating backoff and 
retransmission. Lots of test equipment gives you average and peak throughput levels. 
Throughput excludes the IFG, jam signals, and bad frames. If your 10-Mbps Ethernet 
device successfully transmits half the time, for instance, your utilization is 50 percent and 
your throughput is 5 Mbps. 

• Reliability— Stability of an interface. Cisco uses rely to display reliability as a fraction of 
255, where 255/255 is 100 percent reliable. With low reliability and not much other 
activity, expect a hardware issue with the cable, connection, or NIC. If rely is low and 
collisions are high, however, expect duplex mismatches or you may in fact need to segment 
your network. 


Network management programs and performance monitoring tools are great to measure these 
statistics over time and report abnormalities through alerts. However, the Cisco IOS enables you 
to target Data Link Layer and Physical Layer issues in general by viewing your interfaces and 
controllers. Table 5-5 displays interface targets. 


Table 5-5. Interface Targets 


Output             Description 

MTU                The maximum transmission unit of the interface without the frame 
                   encapsulation overhead. 

BW                 The interface bandwidth in kilobits per second. 

DLY                Interface delay in microseconds. 

Rely               Interface reliability. 255/255 is 100 percent reliable calculated as an 
                   exponential average over 5 minutes. 

Load               The interface load as a fraction of 255 as an exponential average over 5 
(utilization)      minutes. 255 is saturated. 

Keepalive          Shows whether keepalives are set. You send to your own MAC on the LAN, 
                   whereas on the WAN you send to the partner router. 

Last Input         Lets you know how long since the last packet was received by the interface. 

Last Output        Lets you know how long since the last packet was transmitted by the interface. 

Last Clearing      Shows when counters were reset to 0. 

Output Q and       Show maximum Q size, followed by packets dropped due to a full Q. 
Input Q Drops 

Packets Input      Shows good packets received. 

Bytes Input        Shows good bytes received, including data and MAC encapsulation. 

No Buffers         Shows discarded packets as a result of no system buffers. Compare with 
                   ignored and check for broadcast storms. 

Received           Shows broadcast and multicast packets received. Should be less than 20 
Broadcasts         percent of the total number of input packets unless total input is small. 

Runts              Smaller than the medium's minimum packet size. In Ethernet this is 64 bytes 
                   and is normally caused by collisions. Investigate more than one runt per 
                   million bytes received. 

Giants             Exceed the maximum packet size. In Ethernet this is 1518 bytes. 

CRC Errors         Generated when the CRC generated by the sender does not match the CRC on 
                   the data received. High number may be due to collisions or bad data 
                   transmission. Investigate more than one per million packets received on a LAN 
                   and more than one per thousand packets received on a WAN. 

Frame              Shows number of packets received with CRC error and noninteger number of 
                   octets. Investigate collision problems, bad NIC, or physical medium for frame 
                   and alignment errors. 

Overrun            Indicates how many times the receiver hardware was unable to store into a 
                   packet buffer because of an oversubscribed data bus within the router. Check 
                   hardware configuration. 

Ignored            Shows received packets ignored because interface ran out of internal buffers. 
                   Broadcast storms and noise cause this. 

Collisions         Shows retransmissions due to Ethernet collisions. Router knows only about 
                   collisions on its interface—only the ones it participates in. Excessive collisions 
                   may mean bad NIC, faulty cabling, or repeater problem. Divide the number of 
                   collisions by the number of output packets; the result should be less than 0.1 
                   percent. 

Interface          Indicates how many times an interface has been completely reset. May 
Resets             happen if packets queued could not be sent because of lack of carrier or 
                   clocking, unplugged cable, and so on. 

Restarts           Indicates how many times a Type2 Ethernet controller was restarted due to 
                   errors. Compare with show controllers, line restarts. 


Use Table 5-5 and Example 5-23 to help you review these interface statistics. When monitoring 
an interface over a particular period of time, clear the interface counters before your test. 


NOTE 


Clearing the interface counters before your test is very important. If the counters have 
accumulated for weeks or months, it's quite difficult to tell whether an apparent 
symptom is still occurring or whether it happened a long time ago. 


Example 5-23. show interfaces [interface] 


r3#show interface fastethernet 2/0 
FastEthernet2/0 is up, line protocol is up 
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300) 
  Description: r3fa2/0 to hostc 
  Internet address is 192.168.5.97/28 
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 220/255, load 1/255 
  Encapsulation ARPA, loopback not set, keepalive set (10 sec) 
  Full-duplex, 100Mb/s, 100BaseTX/FX 
  ARP type: ARPA, ARP Timeout 04:00:00 
  Last input 00:03:53, output 00:00:01, output hang never 
  Last clearing of "show interface" counters never 
  Queueing strategy: fifo 
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops 
  5 minute input rate 0 bits/sec, 0 packets/sec 
  5 minute output rate 0 bits/sec, 0 packets/sec 
     374 packets input, 55460 bytes 
     Received 374 broadcasts, 0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 
     0 watchdog, 0 multicast 
     0 input packets with dribble condition detected 
     6405 packets output, 525206 bytes, 0 underruns 
     22 output errors, 0 collisions, 7 interface resets 
     0 babbles, 0 late collision, 0 deferred 
     22 lost carrier, 0 no carrier 
     0 output buffer failures, 0 output buffers swapped out 


The shaded output in Example 5-23 clearly demonstrates that at some point in time a Layer 1 
link was missing and the interface was therefore unable to transmit. The 220/255 rely is your 
first indication to look further. Notice the 22 output errors and 22 lost carriers, but no 
collisions. The load is very low too, so at some point in time you had a hardware issue. Because 
these problems are not occurring now, you should clear the counters and look at the interface 
statistics again as in Example 5-24. 


Example 5-24. Interface Counters 


r3#clear counters 
Clear "show interface" counters on all interfaces [confirm] 
r3# 
05:21:49: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console 
r3#show interface fastethernet 2/0 
FastEthernet2/0 is up, line protocol is up 
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300) 
  Description: r3fa2/0 to hostc 
  Internet address is 192.168.5.97/28 
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 227/255, load 1/255 
  Encapsulation ARPA, loopback not set, keepalive set (10 sec) 
  Full-duplex, 100Mb/s, 100BaseTX/FX 
  ARP type: ARPA, ARP Timeout 04:00:00 
  Last input 00:04:28, output 00:00:01, output hang never 
  Last clearing of "show interface" counters 00:00:13 
  Queueing strategy: fifo 
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops 
  5 minute input rate 0 bits/sec, 0 packets/sec 
  5 minute output rate 0 bits/sec, 0 packets/sec 
     0 packets input, 0 bytes 
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 
     0 watchdog, 0 multicast 
     0 input packets with dribble condition detected 
     4 packets output, 282 bytes, 0 underruns 
     0 output errors, 0 collisions, 0 interface resets 
     0 babbles, 0 late collision, 0 deferred 
     0 lost carrier, 0 no carrier 
     0 output buffer failures, 0 output buffers swapped out 
r3# 


Instead of clearing all the counters, you can individually clear the counters for a particular 
interface. At least now you can troubleshoot them from this point forward. Clear the counters on 
all your routers and save your configurations to prepare for the upcoming Trouble Tickets. 


Although collisions are not an issue in the example, an absolute number of collisions is not the 
best threshold to determine how many are too many. Setting a collision rate by percentage is a 
better way. For example, collisions should not exceed 1 percent of total packets output. Also 
keep in mind that a router knows only about the collisions in which it participates. Calculate the 
collision rate by dividing collisions by the output packets. 


Most collisions occur in the preamble, and depending on your protocol analyzer you may witness 
the damaged frame by seeing repeating bytes of 0xAA or 0x55. Frames shorter than 64 bytes 
are generally caused by collisions (runts). Frames longer than 1518 (giants) normally indicate a 
bad NIC. Giants may also indicate an encapsulation mismatch because Inter-Switch Link (ISL) 
and 802.1q will produce baby giants for full MTU payloads. Repeaters forward them; switches 
drop them. 


Excessive collisions should never occur. It indicates that the NIC attempted to transmit a frame 
16 times without success, getting a collision every time. Check the cabling and the NIC. If there 
are excessive CRC errors but not many collisions, check the cable. Dirty or unstable connectors 
or a bad NIC tend to cause lots of CRC errors. 


Late collisions occur after the initial 64 bytes and are commonly a result of duplex mismatches. 
Another harder-to-troubleshoot reason for late collisions is a cable run longer than the 
specification. Physical Layer troubleshooting is often overlooked. 
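

The interface checks from Table 5-5 and the paragraphs above, applied to show interfaces output. This is an added example, not code from the book: the function names are constructed, and the sample input is the counter portion of Example 5-23. Table 5-5 gives 0.1 percent and the text gives 1 percent for the collision rate, so the limit is a parameter; min_input is an assumed cutoff for "unless total input is small."

```python
import re

# Counter lines from Example 5-23 on this page, used as sample input.
EXAMPLE_5_23 = """\
FastEthernet2/0 is up, line protocol is up
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 220/255, load 1/255
  Full-duplex, 100Mb/s, 100BaseTX/FX
  Last clearing of "show interface" counters never
     374 packets input, 55460 bytes
     Received 374 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     6405 packets output, 525206 bytes, 0 underruns
     22 output errors, 0 collisions, 7 interface resets
     0 babbles, 0 late collision, 0 deferred
     22 lost carrier, 0 no carrier
"""

PATTERNS = {
    "rely": r"rely (\d+)/255",
    "load": r"load (\d+)/255",
    "packets_in": r"(\d+) packets input",
    "bytes_in": r"packets input, (\d+) bytes",
    "broadcasts": r"Received (\d+) broadcasts",
    "runts": r"(\d+) runts",
    "giants": r"(\d+) giants",
    "crc": r"(\d+) CRC",
    "packets_out": r"(\d+) packets output",
    "collisions": r"(\d+) collisions",
    "late_collisions": r"(\d+) late collision",
    "lost_carrier": r"(\d+) lost carrier",
}
DEFAULTS = {"rely": 255}  # a missing rely field is not treated as a fault


def parse_counters(text: str) -> dict:
    """Pull the counters this section discusses out of show interfaces output."""
    counters = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        counters[name] = int(m.group(1)) if m else DEFAULTS.get(name, 0)
    m = re.search(r'Last clearing of "show interface" counters (\S+)', text, re.I)
    counters["cleared"] = m.group(1) if m else "unknown"
    return counters


def assess(c: dict, collision_limit: float = 0.001, min_input: int = 1000) -> list:
    """Return (code, message) findings using the thresholds given on this page."""
    findings = []
    if c["cleared"] == "never":
        findings.append(("stale_counters", "counters never cleared; errors may be old"))
    if c["rely"] < 255:
        findings.append(("rely", f"reliability {c['rely']}/255"))
    if c["lost_carrier"]:
        findings.append(("lost_carrier", f"{c['lost_carrier']} lost carrier: Layer 1 link loss"))
    if c["packets_in"] >= min_input and c["broadcasts"] * 5 >= c["packets_in"]:
        findings.append(("broadcasts", "broadcasts are 20 percent or more of input"))
    if c["runts"] * 1_000_000 > c["bytes_in"]:
        findings.append(("runts", "more than one runt per million bytes received"))
    if c["giants"]:
        findings.append(("giants", "giants: check NIC and ISL/802.1q encapsulation"))
    if c["crc"] * 1_000_000 > c["packets_in"]:
        findings.append(("crc", "more than one CRC error per million packets (LAN)"))
    if c["packets_out"] and c["collisions"] / c["packets_out"] > collision_limit:
        rate = 100 * c["collisions"] / c["packets_out"]
        findings.append(("collision_rate", f"collision rate {rate:.2f} percent"))
    if c["late_collisions"]:
        findings.append(("late_collisions", "check duplex settings and cable length"))
    return findings


if __name__ == "__main__":
    for code, message in assess(parse_counters(EXAMPLE_5_23)):
        print(f"{code:16} {message}")
```
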


There have been interesting issues over the years with autonegotiation, especially with 
proprietary NICs, hubs, and switches. My preference is still to set speed and duplex manually 
where at all possible. Because 10BASE-T and 100BASE-TX are electrically incompatible, the 
autonegotiation hierarchy is built in to the IEEE 802.3u specifications. The specification controls 
the order of negotiation from top to bottom (see Table 5-6). 


Table 5-6. IEEE 802.3u Autonegotiation Specifications 


Autonegotiation Level   Mode of Operation          Maximum Total Transfer Rate (Mbps) 

9                       1000BASE-T full-duplex     2000 
8                       1000BASE-T half-duplex     1000 
7                       100BASE-T2 full-duplex     200 
6                       100BASE-TX full-duplex     200 
5                       100BASE-T2 half-duplex     100 
4                       100BASE-T4 half-duplex     100 
3                       100BASE-TX half-duplex     100 
2                       10BASE-T full-duplex       20 
1                       10BASE-T half-duplex       10 


NOTE 


Although performance usually suffers, communication normally occurs with duplex 
mismatches. On the other hand, communications will not occur if there are speed 
mismatches; the symptoms are just like having the wrong cable connected. Check your 
LEDs if you can physically inspect the device; check your show interfaces display if 
you can't physically inspect the device if customer impact is in fact a concern. 


Pick a normal activity time for a baseline to do your interface and controller monitoring. 
Compare the same activity at different times of the day, week, month, and year and capture the 
details in a spreadsheet or database for performance management and long-term planning. You 
must document and update your findings to succeed in troubleshooting. 


Once again it is time for the chapter Trouble Tickets. The plan here is to give you several things 
to do, let you make mistakes and fix some things on your own, and to introduce other problems 
that you should have some experience with as a support person. Shooting trouble with Ethernet 
is critical to the support person because Ethernet primarily dominates the market today. 


NOTE 


Do not write erase your routers and start from scratch. Whether it is now or later, you 
will learn from your own mistakes. In the real world, many times I find it easier to just 
start from scratch if things are that different. In many cases you do not have that 
luxury, for what you change on a router affects not just one person, but many others, 
and change control is a definite must. 


Trouble Tickets 


Complete the following Trouble Tickets in order. They assume you have followed along with the 
Shooting Trouble with Ethernet chapter scenario thus far. Use the chapter scenario drawings and 
tools from the previous chapters to analyze, test, and document as you go. Do not expect all 
troubles to be limited to just Ethernet issues. Feel free to create your own Physical Layer or other 
problems if you need more practice in that area. Sample solutions are provided. 


Trouble Ticket 1 


A new administrator is at the r5 location performing some simple tests. She tells you she can't 
ping to the other side of the network over on r4. You have her issue a show arp command on 
her router and nothing displays. You are at the r1 location and you can't get to network 10.2.2.0 
either, but in your earlier testing you know you were able to get to the other end of the network 
because you issued a ping from hosta to hostc. Example 5-25 displays the r1 routing table. Can 
you spot the issue(s)? Fix the problem(s). You may or may not have this particular issue in your 
lab right now, but you should help the new administrator troubleshoot the problem. 


Example 5-25. Trouble Ticket 1 IP Testing 


r5>ping 10.2.2.2 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds: 
Success rate is 0 percent (0/5) 
r5>show arp 
r5>!!nothing is here 
r1>show ip route 

     192.168.5.0/24 is variably subnetted, 7 subnets, 2 masks 
D       192.168.5.96/28 [90/2172416] via 192.168.5.82, 01:12:02, Serial1 
D       192.168.5.64/28 [90/40537600] via 192.168.5.34, 01:12:03, Ethernet1 
C       192.168.5.80/28 is directly connected, Serial1 
C       192.168.5.32/28 is directly connected, Ethernet1 
D       192.168.5.48/28 [90/40537600] via 192.168.5.34, 01:12:03, Ethernet1 
D       192.168.5.0/24 is a summary, 01:12:08, Null0 
C       192.168.5.16/28 is directly connected, Ethernet0 
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 
D       10.0.0.0/8 is a summary, 01:12:03, Null0 
C       10.1.1.0/24 is directly connected, Serial0 
r1#end 

Trouble Ticket 2 


You completed Trouble Ticket 1 as far as IP is concerned, but what about IPX? IPX should be 
running only on the LAN that hosta is on, including the server, hosts, and router interface. Note 
and fix any issues. The Novell server display networks command shows 516 0/1 and 346648E2 
0/1, and the router display is in Example 5-26. You may or may not have this particular issue in 
your lab right now, but you should troubleshoot the problem as it exists here. 


Example 5-26. Trouble Ticket 2 IPX Testing 


r1#show ipx interface brief 
Interface     IPX Network   Encapsulation   Status   IPX State 
Ethernet0     516           NOVELL-ETHER    up       [up] 
Ethernet1     unassigned    not config'd    up       n/a 
Serial0       unassigned    not config'd    up       n/a 
Serial1       unassigned    not config'd    up       n/a 
r1#show ipx interface ethernet 0 
Ethernet0 is up, line protocol is up 
  IPX address is 516.0000.0c8d.6705, NOVELL-ETHER [up] 
  Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 
r1#show ipx route 
1 Total IPX routes. Up to 1 parallel paths and 16 hops allowed. 

No default route known. 

C        516 (NOVELL-ETHER), Et0 
r1#end 


Trouble Ticket 3 


Change the frame type for network 516 to Ethernet II only. Ping from r1 to the Novell server to 
verify connectivity. 


Trouble Ticket 4 


Configure the MAC address of r1e0 to be identical to hostb's MAC address. What happens? Turn 
on debug arp. Ping the r1e0 interface from the hostb command prompt. What happens? Ping 
hostb from r1. Fix the duplicate MAC issue. Although not shown in the answer output, it might be 
a good time to check your other hosts on the same Ethernet segment to verify that you gave 
them IP addresses. Clean up the clients so that they are running TCP/IP and the Microsoft Client. 
Put the Novell server to rest for the remainder of the labs. 


Trouble Ticket 5 


What is the effect of duplicate IP addresses? Change hosta to the same address as r1e0. Observe 
the results and change the address after the fact. 


Trouble Ticket 6 


It is helpful to be aware of housekeeping-type traffic on your network so that you can easily spot 
issues. Log all activity to a file (such as I do with SecureCRT for the answer). Debug CDP events 
and analyze the packet capturing. Optionally, turn on debugs for EIGRP, too. Use Sniffer to 
capture the activity for about 3 or 4 minutes to a file and save the file as chapter 5 background 
traffic sniffer capture. 


Trouble Ticket 7 


Clear the interface counters for r1e0. Turn on debug arp. Start a continuous ping from hosta to 
hostb using ping -t. Make sure you can see both your command-prompt window and your 
connection to r1 on your screen at the same time. Disconnect the cable from the Ethernet dongle 
on hosta. Show the interface a couple of times while you wait about 20 seconds. Plug the cable 
back in and observe the results. Ctrl+C stops the continuous ping. Log all activity to a file using 
a terminal-emulation application such as HyperTerm or SecureCRT. 


Trouble Ticket 8 


Configure all routers to send their syslog output to hosta, and set up hosta as a syslog server. To 
test this out, you can download the 3CDaemon product for free from 
support.3com.com/infodeli/swlib/utilities for windows 32 bit.htm. What is the default speed 
and duplex setting for r3's fast Ethernet interface? Clear the interface statistics for r3fa2/0. Turn 
on debug arp. Start a continuous ping from hostc to hostb using ping -t. Disconnect the cable 
from the Ethernet dongle on hostc. Show the interface a couple of times while you wait about 20 
seconds. Plug the cable back in and observe the results. Ctrl+C stops the continuous ping. 


Trouble Tickets Solutions 


These solutions are not always the only way to perform these tasks. However, the upcoming 
chapter scenarios are based on these solutions. 


Trouble Ticket 1 Solution 


There are a couple of issues in Trouble Ticket 1. First, you do not have a route to the 10.2.2.0 
network in the r1 routing table, much less the r5 routing table. This is because EIGRP 
automatically summarizes IP at the classful boundary. Actually, you had this problem back in the 
IP chapter, and in this chapter's scenario. The no auto-summary command is a good command 
to remember for classless protocols such as EIGRP and RIPv2 that automatically summarize at 
the classful boundary. Look back at the routing table display in Trouble Ticket 1 to see the null 0 
routes for the classful boundary of 192.168.5.0/24 and 10.0.0.0/8. Fix the issue as in Example 
5-27 so that you can see both 10.1.1.0 and 10.2.2.0 from any router. This issue is referred to as 
discontiguous subnets. EIGRP is a classless routing protocol and certainly supports them, but not 
with the default automatic classful summarization. If you actually had this issue, perhaps you did 
not save your running-config to your startup-config when you fixed the problem earlier in the 
chapter. Therefore when the device rebooted because of a power problem, it read the contents of 
NVRAM. Turning off summarization is not best practice either. Summarize the 192.168.5.0 
network using a 255.255.255.0 mask so that you minimize the impact of changes made in the 
internetwork. 


Example 5-27. Summarizing EIGRP

r1(config)#router eigrp 500
r1(config-router)#no auto-summary
r1(config-router)#interface serial 0
r1(config-if)#ip summary-address eigrp 500 192.168.5.0 ?
  A.B.C.D  IP network mask
r1(config-if)#ip summary-address eigrp 500 192.168.5.0 255.255.255.0

r3(config)#router eigrp 500
r3(config-router)#no auto-summary
r3(config-router)#interface serial 0/3
r3(config-if)#ip summary-address eigrp 500 192.168.5.0 255.255.255.0
r3(config-if)#end

r3#show ip route

     192.168.5.0/24 is variably subnetted, 7 subnets, 2 masks
C       192.168.5.96/28 is directly connected, FastEthernet2/0
C       192.168.5.64/28 is directly connected, Serial0/1
C       192.168.5.80/28 is directly connected, Serial0/0
D       192.168.5.32/28 [90/40537600] via 192.168.5.81, 00:00:40, Serial0/0
                        [90/40537600] via 192.168.5.49, 00:00:40, Serial0/2
                        [90/40537600] via 192.168.5.65, 00:00:40, Serial0/1
C       192.168.5.48/28 is directly connected, Serial0/2
D       192.168.5.0/24 is a summary, 00:00:14, Null0
D       192.168.5.16/28 [90/40537600] via 192.168.5.81, 00:00:40, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
D       10.1.1.0 [90/41024000] via 192.168.5.81, 00:00:40, Serial0/0
C       10.2.2.0 is directly connected, Serial0/3

r4#show ip route

D    192.168.5.0/24 [90/40514560] via 10.2.2.1, 00:00:31, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
D       10.1.1.0 [90/41536000] via 10.2.2.1, 00:00:32, Serial0/0
C       10.2.2.0 is directly connected, Serial0/0

r5#show ip route

D    192.168.5.0/24 [90/40537600] via 10.1.1.1, 00:00:04, Serial0
     10.0.0.0/24 is subnetted, 2 subnets
D       10.2.2.0 [90/41536000] via 10.1.1.1, 00:00:04, Serial0
C       10.1.1.0 is directly connected, Serial0
r5#ping 10.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/88/92 ms


EIGRP enables you to summarize on any interface you choose and requires you to turn off 
classful summarization for discontiguous subnets to work. Draw yourself a picture if you need to. 
Draw subnet 10.1.1.0/24 on the left, 192.168.5.0/24 in the middle, and 10.2.2.0/24 on the right. 
Then it will be clear that you have two network 10.0.0.0 subnets separated by the 192.168.5.0 
network. The no auto-summary command was not necessary on r2, r4, and r5, but it was 
required on r1 and r3. A good test is to go to r2 and make sure it has a route for 10.1.1.0/24 and 
a route for 10.2.2.0/24. However, the ping from r5 to 10.2.2.2 works just fine, too. 
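
The discontiguous-subnet failure described above can be reproduced offline. The following Python sketch is an added example, not output or code from the book: it models only the classful auto-summary rule on the r1-r3 link, using the connected subnets from the routing tables above, and the function names are illustrative assumptions.

```python
import ipaddress

# Connected subnets taken from the routing tables shown on this page.
R1_CONNECTED = ["192.168.5.16/28", "192.168.5.32/28", "192.168.5.80/28", "10.1.1.0/24"]
R3_CONNECTED = ["192.168.5.96/28", "192.168.5.64/28", "192.168.5.80/28",
                "192.168.5.48/28", "10.2.2.0/24"]
R1_R3_LINK = "192.168.5.80/28"      # r1 Serial1 (.81) <-> r3 Serial0/0 (.82)
R1_NEXT_HOP = "via 192.168.5.81"


def major_network(net):
    """Return the classful (major) network that contains `net`."""
    first_octet = int(net.network_address) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{prefix}", strict=False)


def advertise(connected, link, auto_summary):
    """Prefixes a router announces out `link` for its connected subnets."""
    link = ipaddress.ip_network(link)
    announced = set()
    for net in map(ipaddress.ip_network, connected):
        if net == link:
            continue                          # the neighbor is already on this subnet
        if auto_summary and major_network(net) != major_network(link):
            announced.add(major_network(net))  # crossing a classful boundary
        else:
            announced.add(net)
    return announced


def build_table(connected, learned, next_hop, auto_summary):
    """Model a routing table as {prefix: (admin_distance, next_hop)}."""
    nets = [ipaddress.ip_network(n) for n in connected]
    table = {n: (0, "connected") for n in nets}
    majors = {major_network(n) for n in nets}
    if auto_summary and len(majors) > 1:
        for major in majors:                  # local summary routes, EIGRP AD 5
            table.setdefault(major, (5, "Null0"))
    for net in learned:                       # internal EIGRP routes, AD 90
        if net not in table or table[net][0] > 90:
            table[net] = (90, next_hop)
    return table


def lookup(table, destination):
    """Longest-prefix match; returns the next hop, or None if there is no route."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)][1]


def r3_path_to(destination, auto_summary):
    """How r3 forwards `destination` given what r1 sends over their link."""
    learned = advertise(R1_CONNECTED, R1_R3_LINK, auto_summary)
    table = build_table(R3_CONNECTED, learned, R1_NEXT_HOP, auto_summary)
    return lookup(table, destination)


if __name__ == "__main__":
    for setting in (True, False):
        label = "auto-summary" if setting else "no auto-summary"
        print(f"{label:16} r3 -> 10.1.1.2: {r3_path_to('10.1.1.2', setting)}")
```

With auto-summary on, r3 keeps its own 10.0.0.0/8 summary to Null0 and discards traffic for 10.1.1.0/24; with it off, the /24 learned from r1 wins the longest-prefix match.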

R1 and r3 have interfaces in multiple networks. By summarizing the 192.168.5.0 routes to r5 and 
r4, you significantly reduce the routing table size as well as localize the impact of changes. Note 
also the multiple paths to 192.168.5.32 as shaded in the r3 routing table. 

Remember to save all your configurations to startup-config (NVRAM). Compare them to my 
SecureCRT log if you need something to compare them to. Although not specified in the Trouble 
Ticket, it is assumed knowledge to also copy the configurations to another location for backup (to 
a TFTP server, for instance). 


Trouble Ticket 2 Solution 


Looks like someone forgot the encapsulation on r1e0. Example 5-28 shows the fix. 


Example 5-28. SAP Encapsulation 


r1(config)#interface ethernet 0
r1(config-if)#encap sap
r1(config-if)#!!!better try again
r1(config-if)#ipx encap sap
r1(config-if)#end

r1#show ipx interface brief
Interface      IPX Network   Encapsulation   Status   IPX State
Ethernet0      516           SAP             up       [up]
Ethernet1      unassigned    not config'd    up       n/a
Serial0        unassigned    not config'd    up       n/a
Serial1        unassigned    not config'd    up       n/a

r1#show ipx route
2 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.

No default route known.

C        516 (SAP),           Et0
R   346648E2 [02/01] via      516.0080.29e8.5c6b,    5s, Et0

r1#debug ipx sap activity
IPX service debugging is on
r1#
02:10:21: IPXSAP: Response (in) type 0x2 len 288 src:516.0080.29e8.5c6b
          dest:516.ffff.ffff.ffff(452)
02:10:21: type 0x4, "GWISE", 346648E2.0000.0000.0001(451), 1 hops
02:10:21: type 0x26B, "GWISE_TREE GRN@@@@@DPIJ",
          346648E2.0000.0000.0001(5), 1 hops
02:10:21: type 0x278, "GWISE_TREE GRN@@@@@DPIJ",
          346648E2.0000.0000.0001(4006), 1 hops
02:10:21: type 0x107, "GWISE", 346648E2.0000.0000.0001(8104), 1 hops
02:10:46: IPXSAP: positing update to 516.ffff.ffff.ffff via Ethernet0
          (broadcast) (full)
02:10:46: IPXSAP: suppressing null update to 516.ffff.ffff.ffff
r1#undebug all
All possible debugging has been turned off

r1#copy running-config startup-config


It is always a good practice to show your interfaces as in the original Trouble Ticket for 
troubleshooting. If you were to issue the show ipx interface brief command, for instance, you 
would quickly see the encapsulation and status IPX network 516, whereas show ipx interface 
e0 would show the node address, too. Copy all configurations to a TFTP server for backup. 


Trouble Ticket 3 Solution 


This requires commands on the server and on the router. Use a utility such as inetcfg or the 
command line on the server to change the frame type to bind an appropriate IP address to the 
NIC. I used 192.168.5.20/28. You can unbind any other frame types for now. Remember to issue 
the reinitialize system command at the Novell command prompt and verify with config. 
Change the encapsulation on r1e0 to ARPA for Ethernet II to match the server as in Example 
5-29. 


Example 5-29. ARPA Encapsulation 


r1(config-if)#ipx encap arpa
r1(config-if)#end
r1#show ipx route

C        516 (ARPA),          Et0

r1#ping 192.168.5.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.20, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

r1#copy running-config startup-config


It is always a good practice to show your interfaces as in the original Trouble Ticket for 
troubleshooting. If you were to issue the show ipx interface brief command, for instance, you 
would quickly see the encapsulation and status IPX network 516 (whereas show ipx interface 
e0 would show the node address, too). 


Trouble Ticket 4 Solution 


With duplicate MAC addresses involving a router, the router address takes priority and wins out 
over the host. (See Example 5-30.) Although there is really no message that comes right out and 
tells you there is a problem until you go to use the address, the output of debug arp is quite 
helpful. Remember to change the MAC address back after you experiment. 


Example 5-30. Duplicate MACs (Router and hostb) 


r1(config)#interface ethernet 0
r1(config-if)#mac-address ?
  H.H.H  MAC address
r1(config-if)#mac-address 0080.c7aa.c887
r1(config-if)#end
r1#show interface ethernet 0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0080.c7aa.c887 (bia 0000.0c8d.6705)
  Description: r1e0 to hosta hostb and gwise
  Internet address is 192.168.5.17/28
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00

r1#debug arp
ARP packet debugging is on
03:19:16: IP ARP req filtered src 192.168.5.19 0080.c7aa.c887, dst 192.168.5.17
          0000.0000.0000 it's our address
03:19:18: IP ARP req filtered src 192.168.5.19 0080.c7aa.c887, dst 192.168.5.17
          0000.0000.0000 it's our address
03:19:19: IP ARP req filtered src 192.168.5.19 0080.c7aa.c887, dst 192.168.5.17
          0000.0000.0000 it's our address
03:19:20: IP ARP req filtered src 192.168.5.19 0080.c7aa.c887, dst 192.168.5.17
          0000.0000.0000 it's our address

r1#ping 192.168.5.19

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.19, timeout is 2 seconds:
03:20:11: IP ARP: creating incomplete entry for IP address: 192.168.5.19
03:20:12: IP ARP: sent req src 192.168.5.17 0080.c7aa.c887,
          dst 192.168.5.19 0000.0000.0000 Ethernet0.
03:20:13: IP ARP: sent req src 192.168.5.17 0080.c7aa.c887,
          dst 192.168.5.19 0000.0000.0000 Ethernet0.
Success rate is 0 percent (0/5)

r1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.5.33            -   0000.0c8d.6706  ARPA   Ethernet1
Internet  192.168.5.34            3   0000.0c38.a05d  ARPA   Ethernet1
Internet  192.168.5.20            3   0080.29e8.5c6b  ARPA   Ethernet0
Internet  192.168.5.17            -   0080.c7aa.c887  ARPA   Ethernet0
Internet  192.168.5.19            0   Incomplete      ARPA

r1#undebug all
All possible debugging has been turned off


Because you didn't have CiscoWorks Campus Manager in your environment to help you run a 
report for duplicate MAC or IP addresses, your IOS show, logging, and debug commands can 
help you pinpoint the issue. Notice the incomplete ARP entry when you attempted to ping a host 
with the same MAC address as r1e0. Prior to that, note the output of debug arp where the 
router complains about the address. Fix the issue as in Example 5-31 and verify your ping. 


Example 5-31. Resetting the MAC address Back to the Original 


r1(config)#interface ethernet 0
r1(config-if)#no mac-address
r1(config-if)#end

r1#show interface ethernet 0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705)

r1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.5.33            -   0000.0c8d.6706  ARPA   Ethernet1
Internet  192.168.5.34            2   0000.0c38.a05d  ARPA   Ethernet1
Internet  192.168.5.20            2   0080.29e8.5c6b  ARPA   Ethernet0
Internet  192.168.5.17            -   0000.0c8d.6705  ARPA   Ethernet0

r1#ping 192.168.5.19

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.19, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
r1#ping 192.168.5.19

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.19, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

r1#copy running-config startup-config


If issues remain, you may need to clear the ARP table using the clear arp-cache command 
because the entries are kept there for a 4-hour time period in Cisco devices. Because you really 
can't just clear one entry, it is better practice to bounce (shut/no shut) the affected interface 
first. If necessary, an ARP packet is broadcast (local broadcast) to resolve the destination IP 
address (Layer 3) to its equivalent MAC address (Layer 2). If the destination host is on the same 
subnet, the MAC is the destination host's address. If the destination host is on a different subnet, 
however, the resulting resolution is generally the default gateway (local router interface) MAC 
address. Because ARP is dynamic, any leftover issues eventually fix themselves. If you do need to 
fix them immediately, however, remember to shut/no shut the interface first and clear arp if 
necessary. 


Trouble Ticket 5 Solution 


Figure 5-18 shows the duplicate IP on hosta (a Windows 2000 box) after I configured it with the 
same IP as r1e0. 


Figure 5-18. Duplicate IP on hosta (Windows 2000) 

[Microsoft TCP/IP dialog box: "The static IP address that was just configured is already in use on the network. Please reconfigure a different IP"]


The router displayed the following: 


1w4d: %IP-4-DUPADDR: Duplicate address 192.168.5.17 on Ethernet0,
      sourced by 0010.4ba5.ae50


IP devices detect a duplicate because they hear an ARP broadcast with a source IP that matches 
their own. This message immediately shows up on the console of the router and would show up 
with show logging history, too. 
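
The indicators from Trouble Tickets 4 and 5 (the "it's our address" line from debug arp and the %IP-4-DUPADDR message) can be pulled out of a saved terminal or syslog capture automatically. The following Python sketch is an added example, not part of the book; the sample lines are constructed in the formats shown above, and the last sample line and the "binding-change" check are assumptions added for illustration.

```python
import re
from collections import defaultdict

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"

# Router reports that another station is using one of its IP addresses.
DUPADDR = re.compile(
    rf"%IP-4-DUPADDR: Duplicate address (?P<ip>{IP}) on (?P<ifc>[^,\s]+),"
    rf"\s+sourced by (?P<mac>{MAC})")
# debug arp: a request arrived whose source MAC equals the router's own MAC.
OWN_MAC = re.compile(
    rf"IP ARP:? req filtered src (?P<ip>{IP}) (?P<mac>{MAC}),.*it's our address")
# debug arp: any other ARP packet, used to track IP-to-MAC bindings.
ARP_SEEN = re.compile(
    rf"IP ARP: (?:rcvd|sent) (?:req|rep) src (?P<ip>{IP}) (?P<mac>{MAC})")

# Constructed sample capture, one log message per line.
SAMPLE_LOG = """\
03:19:16: IP ARP req filtered src 192.168.5.19 0080.c7aa.c887, dst 192.168.5.17 0000.0000.0000 it's our address
03:19:18: IP ARP req filtered src 192.168.5.19 0080.c7aa.c887, dst 192.168.5.17 0000.0000.0000 it's our address
1w4d: %IP-4-DUPADDR: Duplicate address 192.168.5.17 on Ethernet0, sourced by 0010.4ba5.ae50
00:26:07: IP ARP: rcvd req src 192.168.5.18 0010.4ba5.ae50, dst 192.168.5.19 Ethernet0
00:31:40: IP ARP: rcvd rep src 192.168.5.18 0050.04df.5f3c, dst 192.168.5.17 Ethernet0
"""


def analyze(lines):
    """Return sorted findings as (kind, ip, mac_or_macs, count) tuples."""
    dup_ip = defaultdict(int)       # (ip, mac) -> number of DUPADDR messages
    dup_mac = defaultdict(int)      # (ip, mac) -> number of filtered requests
    macs_by_ip = defaultdict(set)   # ip -> every MAC seen claiming it
    for line in lines:
        match = DUPADDR.search(line)
        if match:
            dup_ip[(match["ip"], match["mac"].lower())] += 1
            continue
        match = OWN_MAC.search(line)
        if match:
            dup_mac[(match["ip"], match["mac"].lower())] += 1
            continue
        match = ARP_SEEN.search(line)
        if match:
            macs_by_ip[match["ip"]].add(match["mac"].lower())

    findings = []
    for (ip, mac), hits in dup_ip.items():
        findings.append(("duplicate-ip", ip, mac, hits))
    for (ip, mac), hits in dup_mac.items():
        findings.append(("duplicate-mac", ip, mac, hits))
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:           # same IP answered from different hardware
            findings.append(("binding-change", ip, ",".join(sorted(macs)), len(macs)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, ip, mac, count in analyze(SAMPLE_LOG.splitlines()):
        print(f"{kind:15} {ip:15} {mac} (x{count})")
```

A "binding-change" finding on a gateway address is worth the same attention as the router's own duplicate messages, because an unexpected change of the MAC behind an IP is also what ARP cache poisoning looks like from the log side.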


Trouble Ticket 6 Solution 


Open Sniffer and observe the housekeeping traffic as I do in Figure 5-19, Figure 5-20, and 
Example 5-32. A quick glimpse shows that EIGRP, loop reply receipt, and CDP are running 
without you or me sending any data at all. 


Figure 5-19. Ethernet Keepalives 

Figure 5-20. CDP Packets 

If you are opening your own Sniffer file, right-click to mark the first loop reply receipt and click 
the next occurrence with the same address. Scroll if needed to see the relative time column to 
record that they occur every 10 seconds. These are Layer 2 keepalives. Notice in particular how 
on Ethernet the interface talks to itself quite frequently. When an interface misses three 
consecutive keepalives, the line protocol goes down. By talks to itself, I mean sends to its own 
MAC. In the Sniffer decode, when one is determining the period by locating each occurrence, one 
must ignore keepalives sent by other Cisco devices (with a different source MAC). 

It's important to note that the Ethernet keepalive provides a limited confidence test. On full- 
duplex media (UTP, fiber), for instance, the sender of the keepalive will not receive its own 
transmission. So the only assurance from the keepalive is that it can successfully transmit out the 
NIC. The receipt of the link pulses provides the only confidence in the other direction. It is quite 
possible to have one-way link, if the medium works only in one direction. One device will report 
that "line protocol is up" whereas the partner shows it as down. 

In addition, loss of link (Layer 1) causes the interface status to change to down within 1 second 
rather than in 30 seconds (Layer 2 keepalive). This also applies to the HDLC keepalive 
dependence on Layer 1 (DCD, CTS, Rx clock) for serial links on the WAN. 


Example 5-32. CDP Traffic 


r1#debug cdp events
CDP events debugging is on
r1#debug cdp packets
CDP packet info debugging is on
04:08:42: CDP-PA: Packet received from r3 on interface Serial1
04:08:42: **Entry found in cache**
04:08:55: CDP-PA: Packet received from r2 on interface Ethernet1
04:08:55: **Entry found in cache**
04:09:02: CDP-PA: Packet received from 804_rtr on interface Ethernet0
04:09:02: **Entry found in cache**
04:09:24: CDP-PA: Packet received from r5 on interface Serial0
04:09:24: **Entry found in cache**
04:09:30: CDP-PA: Packet sent out on Ethernet0
04:09:30: CDP-PA: Packet sent out on Ethernet1
04:09:30: CDP-PA: Packet sent out on Serial0
04:09:30: CDP-PA: Packet sent out on Serial1
04:09:42: CDP-PA: Packet received from r3 on interface Serial1
04:09:42: **Entry found in cache**

r1#show cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds

r1#undebug all


Because you captured CDP packets, take time to analyze them in the protocol analyzer trace in 
Figure 5-20. If you are curious about the 804 router in my display, it is just being used as a hub to 
connect some devices together. Confirm that CDP messages occur every 60 seconds and that 
they use the destination multicast address of 01000ccccccc as in line 7 of Figure 5-20. Also note 
the EIGRP AS 500 multicast hellos over 224.0.0.10. 


NOTE 


If you are not seeing the housekeeping output mentioned, you may have a switch in 
your lab scenario and special commands are required to monitor the same activity. You 
will become familiar with that in the next chapter. Of course, CDP could be turned off as 
well. 


Trouble Ticket 7 Solution 


The clear counters ethernet 0 command clears just the counters for the e0 interface rather 
than all the counters that show up when you type show interfaces at the router enable prompt. 
When disconnecting the cable from the Windows 2000 box, the host very quickly flashes 
"hardware error, the request timed out," and then repeats a "destination host unreachable" 
message. When you plug the cable back in, things just pick up where they left off with the 
continuous ping on the host. The router receives the ARP broadcast, but the interface does not go 
down because it and the hosts on subnet 192.168.5.16/28 are plugged into a hub (see Example 
5-33). 


Example 5-33. hosta Cable Disconnect SecureCRT Output 


r1#clear counters ethernet 0
Clear "show interface" counters on this interface [confirm]
00:25:45: %CLEAR-5-COUNTERS: Clear counter on interface Ethernet0 by console
r1#debug arp
ARP packet debugging is on
00:26:07: IP ARP: rcvd req src 192.168.5.18 0010.4ba5.ae50,
          dst 192.168.5.19 Ethernet0
r1#show interface ethernet 0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705)
  Description: r1e0 to hosta hostb and gwise
  Internet address is 192.168.5.17/28

r1#!!!this is when I plugged the cable back in
r1#show interface ethernet 0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705)
  Description: r1e0 to hosta hostb and gwise
  Internet address is 192.168.5.17/28
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:02, output hang never
  Last clearing of "show interface" counters 00:01:33
  Queueing strategy: fifo
00:27:17: IP ARP: rcvd req src 192.168.5.18 0010.4ba5.ae50,
          dst 192.168.5.18 Ethernet0
00:27:17: IP ARP: rcvd req src 192.168.5.18 0010.4ba5.ae50,
          dst 192.168.5.19 Ethernet0
00:27:17: IP ARP: rcvd req src 192.168.5.18 0010.4ba5.ae50,
          dst 192.168.5.18 Ethernet0
00:27:18: IP ARP: rcvd req src 192.168.5.18 0010.4ba5.ae50,
          dst 192.168.5.18 Ethernet0
r1#


If you analyzed the ARP table on the host with arp -a, you should have the MAC addresses and 
IP addresses for hosta and hostb. 


Trouble Ticket 8 Solution 


Configuring all routers for syslog is no more than just adding the global logging 192.168.5.18 
command to each router. This assumes that you are running the syslog on hosta. The default 
setting for r3 fa2/0 is 100-Mbps, full-duplex (see Example 5-34). To verify or change the setting 
on the host, you need the software that comes with the NIC (see Figure 5-21). 


Example 5-34. hostc Cable Disconnect 


r3#show interface fastethernet 2/0
FastEthernet2/0 is up, line protocol is up
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300)
  Description: r3fa2/0 to hostc
  Internet address is 192.168.5.97/28
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00

r3#show running-config interface fastethernet2/0
Current configuration:

interface FastEthernet2/0
 description r3fa2/0 to hostc
 ip address 192.168.5.97 255.255.255.240
 no ip directed-broadcast
end

r3#clear counters fastethernet 2/0
Clear "show interface" counters on this interface [confirm]
r3#debug arp
00:56:53: %CLEAR-5-COUNTERS: Clear counter on interface
          FastEthernet2/0 by console
ARP packet debugging is on
r3#
00:59:37: IP ARP: rcvd req src 192.168.5.98 0050.04df.5f3c,
          dst 192.168.5.97 FastEthernet2/0
00:59:37: IP ARP: creating entry for IP address: 192.168.5.98,
          hw: 0050.04df.5f3c
00:59:37: IP ARP: sent rep src 192.168.5.97 00b0.6481.e300,
          dst 192.168.5.98 0050.04df.5f3c FastEthernet2/0
01:00:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0,
          changed state to down
01:00:06: IP ARP: sent req src 192.168.5.97 00b0.6481.e300,
          dst 192.168.5.98 0050.04df.5f3c FastEthernet2/0
01:00:06: IP ARP: sent rep src 192.168.5.97 00b0.6481.e300,
          dst 192.168.5.97 ffff.ffff.ffff FastEthernet2/0

r3#show interface fastethernet 2/0
FastEthernet2/0 is up, line protocol is down
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300)
  Description: r3fa2/0 to hostc
  Internet address is 192.168.5.97/28
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:58, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:01:42


Figure 5-21. 3Com NIC Diagnostics 


3Com PC Card Diagnostics v1.02 


Trouble Ticket 8 has a point-to-point connection, whereas Trouble Ticket 7 had a shared hub 
connection. Line protocol goes down when the host misses three consecutive keepalives in a 
shared environment, but here the line protocol goes down upon loss of link. In Example 5-35, 
notice how because of autonegotiation the duplex setting ended up as half-duplex. This is a 
frequent cause of errors and bizarre problems. Although autonegotiation has certainly matured 
over the years, in most cases I still recommend that the settings be specified on both ends. You 
can hard code the duplex to full using the interface full-duplex command. Syslog should have 
indicated the clearing of the counters and the interface changes such as in Example 5-36. 


Example 5-35. Plug the Cable Back In 


01:00:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0,
          changed state to up
01:00:59: IP ARP: creating incomplete entry for IP address: 192.168.5.98
01:00:59: IP ARP: sent req src 192.168.5.97 00b0.6481.e300,
          dst 192.168.5.98 0000.0000.0000 FastEthernet2/0
01:00:59: IP ARP: rcvd rep src 192.168.5.98 0050.04df.5f3c,
          dst 192.168.5.97 FastEthernet2/0
r3#show interface fastethernet 2/0
FastEthernet2/0 is up, line protocol is up
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300)
  Description: r3fa2/0 to hostc
  Internet address is 192.168.5.97/28
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00


Example 5-36. Syslog Output 


Nov 11 19:04:02 192.168.5.82 82: 1w5d: %CLEAR-5-COUNTERS:
    Clear counter on interface FastEthernet2/0 by console
Nov 11 19:06:21 192.168.5.82 83: 1w5d: %LINEPROTO-5-UPDOWN:
    Line protocol on Interface FastEthernet2/0, changed state to down
Nov 11 19:07:42 192.168.5.82 84: 1w5d: %LINEPROTO-5-UPDOWN:
    Line protocol on Interface FastEthernet2/0, changed state to up
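
The two things Trouble Ticket 8 asks you to notice, the down/up transition in syslog and the duplex setting that changed after the link came back, can be checked from saved captures. The following Python sketch is an added example, not part of the book; the sample text is constructed from Examples 5-34 through 5-36 with wrapped lines rejoined, and the year used for timestamp arithmetic is an assumption because the syslog lines carry none.

```python
import re
from datetime import datetime

ASSUMED_YEAR = "2000"   # assumption: the syslog timestamps on this page carry no year

UPDOWN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s.*"
    r"%LINEPROTO-5-UPDOWN: Line protocol on Interface (?P<ifc>[^,]+), "
    r"changed state to (?P<state>up|down)")
DUPLEX = re.compile(r"^\s*(?P<duplex>Full|Half)-duplex, (?P<speed>\d+Mb/s)", re.M)

# Constructed from Example 5-36 (one message per line).
SAMPLE_SYSLOG = """\
Nov 11 19:04:02 192.168.5.82 82: 1w5d: %CLEAR-5-COUNTERS: Clear counter on interface FastEthernet2/0 by console
Nov 11 19:06:21 192.168.5.82 83: 1w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to down
Nov 11 19:07:42 192.168.5.82 84: 1w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to up
"""

# Constructed from the show interface output in Examples 5-34 and 5-35.
BEFORE = "FastEthernet2/0 is up, line protocol is up\n  Full-duplex, 100Mb/s, 100BaseTX/FX\n"
AFTER = "FastEthernet2/0 is up, line protocol is up\n  Half-duplex, 100Mb/s, 100BaseTX/FX\n"


def outages(lines):
    """Pair each down event with the next up event; return (host, ifc, seconds)."""
    down_since = {}
    result = []
    for line in lines:
        match = UPDOWN.search(line)
        if not match:
            continue
        key = (match["host"], match["ifc"])
        when = datetime.strptime(f"{ASSUMED_YEAR} {match['ts']}", "%Y %b %d %H:%M:%S")
        if match["state"] == "down":
            down_since.setdefault(key, when)      # keep the first down of a flap
        elif key in down_since:
            seconds = int((when - down_since.pop(key)).total_seconds())
            result.append((key[0], key[1], seconds))
    return result


def duplex_change(before, after):
    """Return ((old_duplex, old_speed), (new_duplex, new_speed)) or None."""
    old, new = DUPLEX.search(before), DUPLEX.search(after)
    if not (old and new):
        return None
    old_pair = (old["duplex"], old["speed"])
    new_pair = (new["duplex"], new["speed"])
    return None if old_pair == new_pair else (old_pair, new_pair)


if __name__ == "__main__":
    for host, ifc, seconds in outages(SAMPLE_SYSLOG.splitlines()):
        print(f"{host} {ifc}: line protocol down for {seconds} s")
    change = duplex_change(BEFORE, AFTER)
    if change:
        print(f"duplex/speed changed after the flap: {change[0]} -> {change[1]}")
```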


You have completed the chapter Trouble Tickets when you feel comfortable with the tasks 
assigned and the various scenarios throughout the chapter. Review or experiment in the areas 
where you need more help. Understanding and troubleshooting in a simple environment is 
certainly the foundation for understanding and troubleshooting more complex protocols and 
technologies. Check your understanding with the chapter review questions. 


Review Questions 


Use the chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1: How would a user complain to you about an incorrect frame type issue? 
2: What is the EtherType and SAP for Novell IPX? How does the receiving station 
recognize an 802.3 Novell-Ether frame? 
3: How do you know when an Ethernet network needs to be upgraded? 
4: What does the following error message indicate: "%CDP-4-DUPLEXMISMATCH: 
Full/half duplex mismatch detected"? 
5: Will communications occur if the port on one side of the link is set to full-duplex and 
the other side is set to half-duplex? How about if there is a speed mismatch? 
6: True or false: Fast Ethernet can carry more than 1500 bytes of data in the payload. 
7: What types of housekeeping traffic would you expect on the wire with Ethernet in a 
network similar to the chapter scenario? (Refer back to Figure 5-1.) 
8: When should you clear the counters on an Ethernet interface? How do you clear the 
counters for interface e0? 
9: Compare DIX Ethernet to IEEE Ethernet 
10: What frame type carries CDP packets? How do you know? 
11: What command shows you the Layer 2 address for Ethernet on a Microsoft client? 
On a Cisco router? 
12: Are collisions an issue in full-duplex Ethernet? Why or why not? 


Summary 


Despite its historical contending nature, it still continues to grow. Ethernet is everywhere. If only 
Bob Metcalfe would have known the future when he decided on the name. Understanding it and 
leveraging off of the existing Ethernet makes it easier to configure and troubleshoot. Ethernet 
has always been appropriate for sporadic, occasionally heavy traffic at high-peak data rates, but 
Ethernet switching is really what has kept Ethernet alive. The full-duplex capabilities take the 
collisions out of Ethernet and can really drive up the throughput. 


This chapter reviewed the evolution of Ethernet, including standards and detailed information at 
the Data Link and Physical Layers, to assist you with shooting Ethernet troubles. The next two 
chapters continue your Ethernet experience with Ethernet switching and VLANs. 


Chapter 6. Shooting Trouble with CatOS and IOS 


Cisco started its internetworking revolution with routers, but soon found out with the help of 
those they acquired that switches are quite beneficial, too. A solid understanding of switches and 
routers is crucial for supporting networks as well as obtaining your CCNP and other industry 
certifications. This chapter assumes knowledge of the previous chapters, but in particular 
Chapter 5, "Shooting Trouble with Ethernet," and Chapter 3, "Shooting Trouble with IP." 

In this chapter you eliminate any hubs and connect your hosts to Cisco switches to build the 
scenario. Then you review Ethernet switching concepts, symptoms, problems, and action plans. 
Throughout the chapter there are several walk-through scenarios and practical Trouble Tickets 
for you to explore. For those of you who do not have equipment handy, the rest of this book 
contains many relevant figures, examples, and explanations so that you too can follow along to 
gain practical experience. 


This chapter covers the following topics: 


• Scenario: Shooting Trouble with CatOS and IOS 
• Segmentation Review 
• Spanning Tree Protocol (STP) 
• The Cisco Command-Line Interface (CLI) 
• Cat5000/Cat6000 Architecture 
• Shooting Trouble with Switches 
• Trouble Tickets 
• Trouble Tickets Solutions 


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table I-1 in the Introduction. 


Scenario: Shooting Trouble with CatOS and IOS 


This chapter requires changes to your physical topology. You configure the Cisco routers and switcl 
Figure 6-1. The rest of the chapter deploys this scenario, so be sure to save your configurations be 
and after. For example, I saved my Chapter 5 configurations to a file called Chapter 5 Ending Confi 


Figure 6-1. Shooting Trouble with CatOS and IOS 

Ideally, you should have at least one CatOS-based switch and one IOS-based switch. The CatOS us 
show, clear syntax, whereas the IOS is more like using the command-line interface (CLI) of a rou 
three different switches for the scenario so that you get a feel for using HTTP and menus on a 1900 
3512XL, and CatOS on a 2900. The 2900 CatOS box has many similarities to the 4000/5000/6000 
Cisco switches. Although the 2900 in my lab has been discontinued for several years, it's basically | 
configuration 5002, limited to a Supervisor |. By all means, if you have access to newer devices (St 
6509s), use them instead. My point of using the older ones is to illustrate the fact that you don't ne 
a lot of money on new devices to learn how to troubleshoot. 


NOTE 


What this chapter is not is a device manual for all of Cisco's switches. If you want that, go to 
Cisco.com, search for "cisco product quick reference guide" to view it online or order your owr 
subscription. The quick reference guide includes product overviews, photos, technical specifice 
and more. 


I will briefly review such topics as segmentation, switching modes, speed and duplex settings, the:
analyzer (SPAN) for port monitoring, and the Spanning Tree Protocol (STP) to assist you with supp 
switched Ethernet environments. As in the other practical study support topics, it is essential for yc 
continue to identify targets and document the results using such commands as ping, trace, set, s| 
and other troubleshooting utilities. 


The scenario goal is to analyze real-world Catalyst switch issues including physical, data-link, and: 
errors. Document your steps and any problems along the way. For this chapter keep everything on 
192.168.5.96/28 and assume no VLANs other than the default. Ensure that you can telnet to each: 
configure it. Optionally attach the switches to the terminal server for convenience. Configure the sv 
starting with the 1900 first, then the 3512XL IOS-based switch, and finally the 2900 CatOS switch
Figure 6-1. On the router, advertise loopback 10 (192.168.6.100/28) in RIP to simulate an externa 
Save your work, and don't forget to test things out. All hosts should be able to communicate with t 
you choose to set up on your server farm off of the 2900 as well as to the outside world. 


There is not always one right or wrong way to accomplish the tasks presented. The ability to obtair 
result using good practices is extremely important in any real-world network. Where specific paran 
not given, feel free to make the necessary choices to work through the scenario. Troubleshooting a 
configurations are included so that you can compare your work and perhaps see a different approa 
obtaining the end result. Use the previous IP (Table 3-1) and Ethernet (Table 5-1) quick checklists, 
by-step troubleshooting methodology and intuition, and the switch quick checklist in Table 6-1 toa 
testing. 


The switch troubleshooting checklist in Table 6-1 assumes that you are familiar with the Ethernet a 
troubleshooting checklists from the previous chapters, so those commands are not repeated here. | 
Table 6-1 displays how to quickly spot issues with modules and ports because they are the main ta 
switch troubleshooting. A more complete table of CatOS and IOS commands is provided in the sect


Cisco Command-Line Interface (CLI)." 


Table 6-1. Switch Quick Troubleshooting Checklist 


CatOS Syntax                    IOS Syntax

show cdp neighbors              >show cdp neighbors
show module                     >show module
show version                    >show version
show config / write terminal    #show config / show startup-config
show arp                        >show arp
show cam dynamic                #show mac-address-table
show port                       #show interface status
set trace                       #debug


This chapter scenario's switch, router, and host configurations are displayed starting in Example 6- 
switch is not running the Enterprise Edition of the software, so the CLI is not available. Instead of t 
the software, reset the switch to its factory defaults using the menus as in Example 6-1. 


Example 6-1. Resetting the 1900 to the Factory Defaults Using the Menu 


Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1998
All rights reserved.

Standard Edition Software

Ethernet Address: 00-90-92-2A-76-80
PCA Number: 73-2239-05
PCA Serial Number: FAA02291854
Model Number: WS-C1924-A
System Serial Number: FAA0227W0U1

1 user(s) now active on Management Console.

User Interface Menu

[M] Menus
[I] IP Configuration
Enter Selection: M

Catalyst 1900 - System Configuration

System Revision: 1 Address Capacity: 1024
System UpTime: 0day(s) 00hour(s) 00minute(s) 45second(s)

Settings
[N] Name of system                                   sw1900
[C] Contact name                                     donna 1 harrington
[L] Location                                         broad creek
[S] Switching mode                                   Store-and-Forward
[U] Use of store-and-forward for multicast           Disabled
[A] Action upon address violation                    Disable
[G] Generate alert on address violation              Disabled
[I] Address aging time                               300 second(s)
[P] Network port                                     None
[H] Half duplex back pressure (10-mbps ports)        Disabled
[E] Enhanced congestion control (10-mbps ports)      Adaptive

Actions
[R] Reset system                 [F] Reset to factory defaults

Related Menus
[B] Broadcast storm control      [X] Exit to Main Menu

Enter Selection: F
This command resets the switch with factory defaults. All system
parameters will revert to their default factory settings. All static
and dynamic addresses will be removed.

Reset system with factory defaults, [Y]es or [N]o? Yes


Next configure the IP parameters and make sure HTTP is operational on port 80 as in Examples 6-:


Example 6-2. Setting the IP Parameters on the 1900 (HTTP Port 80) 


Catalyst 1900 - Main Menu
[C] Console Settings
[S] System
[N] Network Management
[P] Port Configuration
[H] Help
[X] Exit Management Console

Enter Selection: N

Catalyst 1900 - Network Management
[I] IP Configuration
[S] SNMP Management
[B] Bridge - Spanning Tree
[C] Cisco Discovery Protocol
[G] Cisco Group Management Protocol
[H] HTTP Server Configuration
[X] Exit to Main Menu

Enter Selection: H

Catalyst 1900 - HTTP Server Configuration

Settings
[H] HTTP                         Enabled
[P] HTTP Port                    80
[X] Exit to previous menu

Enter Selection: X


The shaded output indicates that HTTP port 80 is the default on the 1900. HTTP and menus are ger 
available on Cisco switches, but not always configured as the default for security reasons. For exan 
global command ip http server enables this on my IOS switch, although most people want to kno 
disable such features. Type no ip http server to disable it afterward if you want to experiment wil 
based Visual Switch Manager on the 3512XL. 


Next, set the IP address on the 1900 as in Example 6-3 so that you can manage the device remote


Example 6-3. Setting the IP Parameters on the 1900 (Address) 


Catalyst 1900 - Network Management
[I] IP Configuration
[S] SNMP Management
[B] Bridge - Spanning Tree
[C] Cisco Discovery Protocol
[G] Cisco Group Management Protocol
[H] HTTP Server Configuration
[X] Exit to Main Menu

Enter Selection: I

Catalyst 1900 - IP Configuration
Ethernet Address: 00-90-92-2A-76-80

Settings
[I] IP address                           0.0.0.0
[S] Subnet mask                          0.0.0.0
[G] Default gateway                      0.0.0.0
[M] IP address of DNS server 1           0.0.0.0
[N] IP address of DNS server 2           0.0.0.0
[D] Domain name
[R] Use Routing Information Protocol     Enabled

Actions
[P] Ping
[X] Exit to previous menu

Enter Selection: I
This command assigns an administrative IP address to this switch.
The new address will take effect immediately.
If no IP address is assigned (or if the IP address is removed by setting
it to 0.0.0.0), and the switch is connected to a DHCP server, the DHCP
server may automatically assign an address to the switch.

Enter administrative IP address in dotted quad format (nnn.nnn.nnn.nnn):
Current setting ===> 0.0.0.0
New setting ===> 192.168.5.100


Configure the subnet mask as in Example 6-4. 


Example 6-4. Setting the IP Parameters on the 1900 (Subnet Mask) 


Catalyst 1900 - IP Configuration
Ethernet Address: 00-90-92-2A-76-80

Settings
[I] IP address                           192.168.5.100
[S] Subnet mask                          0.0.0.0
[G] Default gateway                      0.0.0.0
[M] IP address of DNS server 1           0.0.0.0
[N] IP address of DNS server 2           0.0.0.0
[D] Domain name
[R] Use Routing Information Protocol     Enabled

Actions
[P] Ping
[X] Exit to previous menu

Enter Selection: S
This command defines the subnet mask for the IP address set by the
[I] IP Address command.

Enter IP subnet mask in dotted quad format (nnn.nnn.nnn.nnn):
Current setting ===> 0.0.0.0
New setting ===> 255.255.255.240

Catalyst 1900 - IP Configuration
Ethernet Address: 00-90-92-2A-76-80


Although not required for the chapter labs, configure the default gateway as in Example 6-5 and m 
used in the menu output. 


Example 6-5. Setting the IP Parameters on the 1900 (Default Gateway) 


Settings
[I] IP address                           192.168.5.100
[S] Subnet mask                          255.255.255.240
[G] Default gateway                      0.0.0.0
[M] IP address of DNS server 1           0.0.0.0
[N] IP address of DNS server 2           0.0.0.0
[D] Domain name
[R] Use Routing Information Protocol     Enabled

Actions
[P] Ping
[X] Exit to previous menu

Enter Selection: G
The default gateway IP address is the address of the next hop
router the switch uses to reach a non-local IP host when the switch
does not know the return route. During a normal management protocol
exchange with an IP client host, the switch simply sends its response
onto the same route from which the request was received. The default
gateway route is only used when the switch itself initiates an exchange,
e.g., a TFTP upgrade, with the client.

Type the address in dotted quad format (nnn.nnn.nnn.nnn):
Current setting ===> 0.0.0.0
New setting ===> 192.168.5.97

Catalyst 1900 - IP Configuration
Ethernet Address: 00-90-92-2A-76-80

Settings
[I] IP address                           192.168.5.100
[S] Subnet mask                          255.255.255.240
[G] Default gateway                      192.168.5.97
[M] IP address of DNS server 1           0.0.0.0
[N] IP address of DNS server 2           0.0.0.0
[D] Domain name
[R] Use Routing Information Protocol     Enabled

Actions
[P] Ping
[X] Exit to previous menu

Enter Selection: X


NOTE 


The management IP address is configured in global configuration mode rather than on an inte 
a Layer 2 device. The interfaces are Layer 2 ports and do not understand IP, which is Layer 3. 


The Enterprise Edition on the 1900 would have enabled you to reset the switch to the factory defau 
the IP parameters using the commands in Example 6-6. Remember that the 1900 automatically wr 
configuration to NVRAM like the Cat5000 series switches and the older 2900 I am using for my lab.


Example 6-6. Configuring the 1900 with the Enterprise Edition CLI 


switch>enable
switch#delete nvram
switch#reload...
switch#configure terminal
switch(config)#hostname sw1900
sw1900(config)#ip address 192.168.5.100 255.255.255.240
sw1900(config)#ip default-gateway 192.168.5.97


NOTE


Although Example 6-6 illustrates the hostname command to give the switch a name, you hav
configured that yet using the menus. You can do this from the main menu by selecting Syster
then Name of System. However, I will have you assign this later using the HTTP interface.


Configure hosta and hostb as in Table 6-2 to test your IP connectivity to the switch. Compare your 
against Example 6-7.


Table 6-2. Scenario Host Configuration 


Host     IP Address       Subnet Mask        Gateway

hosta    192.168.5.101    255.255.255.240    192.168.5.97
hostb    192.168.5.102    255.255.255.240    192.168.5.97
hostc    192.168.5.103    255.255.255.240    192.168.5.97


Example 6-7. Ping Test from hosta to the 1900 


C:\>ping 192.168.5.100 

Pinging 192.168.5.100 with 32 bytes of data: 
Request timed out. 

Request timed out. 

Request timed out. 


Request timed out. 


Ping statistics for 192.168.5.100:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), 


As you can see, the ping from hosta to the 1900 switch failed. Software configuration is one thing, 
better have the physical means of getting the packets from the host to the switch. That means you 
and a straight-through cable at that; so plug it in and troubleshoot further until your pings are suc 
you are at it, verify all physical connectivity against the chapter scenario in Figure 6-1. 


Next validate communications up through the Application Layer by using your web browser (Intern 
or Netscape) on hosta to manage the switch as in Figure 6-2. 


Figure 6-2. Accessing 1900 Through a Web Browser 
Name the switch sw1900, apply your changes, and experiment with the HTTP interface a bit, inclu
the cable from one port to another. Now that you confirmed operations from the Physical through t 
Application Layers on the 1900, proceed to the 3512XL configuration as in Example 6-8. Clear any 
configuration and set up the IP address and subnet mask. 


Example 6-8. Clearing the Existing Configuration on the sw3512XL Using IOS


c3512xl#write erase 


c3512xl#reload 


The system is not configured to boot automatically. The 


following command will finish loading the operating system 
software: 

boot 
switch:boot 
Loading "flash:c3500XL-c3h2s-mz-112.8.2-SA6.bin"...######
################################################################################
File "flash:c3500XL-c3h2s-mz-112.8.2-SA6.bin" uncompressed and installed, entry po
executing...


Restricted Rights Legend 


Cisco Internetwork Operating System Software 
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 11.2(8.2)SA6, 


MAINTENANCE INTERIM SOFTWARE 


My switch has some interesting issues in that it does not boot up automatically. Look up the messa 
website so that you can fix the boot issue if a similar type of thing happens to you. 


Now that you have cleared the contents of NVRAM, configure the hostname and IP parameters as i 
9. View the configuration in RAM. 


Example 6-9. Configuring the 3512XL Using the Cisco IOS


Switch>enable
Switch#configure terminal
Switch(config)#hostname sw3512XL
SW3512XL(config)#ip address 192.168.5.99 255.255.255.240
% Invalid input detected at '^' marker.
SW3512XL(config)#end
SW3512XL#show running-config
hostname SW3512XL
interface VLAN1
 no ip route-cache
interface FastEthernet0/1
interface FastEthernet0/2
SW3512XL#configure terminal
SW3512XL(config)#interface vlan1
SW3512XL(config-if)#ip address 192.158.5.99 255.255.255.240
SW3512XL(config-if)#no shut
SW3512XL(config-if)#end
SW3512XL#copy running-config startup-config
SW3512XL#show running-config
hostname SW3512XL
interface VLAN1
 ip address 192.158.5.99 255.255.255.240
 no ip route-cache


NOTE 


Note how you needed to assign the IP address to a logical interface such as interface vlan1 for 
and management purposes in Example 6-9. This is common for Layer 2-based IOS switches.


Example 6-10. Fix the 3512 XL Manual Boot Issue 


SW3512XL>enable
SW3512XL#show boot
BOOT path-list: flash:c3500XL-c3h2s-mz-112.8.2-SA6.bin
Config file: flash:config.text
Enable Break: 1
Manual Boot: yes
HELPER path-list:
NVRAM/Config file
 buffer size: 32768
SW3512XL#configure terminal
SW3512XL(config)#no boot manual
SW3512XL(config)#end
SW3512XL#copy running-config startup-config
SW3512XL#reload
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested
C3500XL Boot Loader (C3500-HBOOT-M) Version 11.2(8.1)SA6, MAINTENANCE INTERIM SOFTWARE
Compiled Fri 14-May-99 17:59 by jchristy
starting...
Base ethernet MAC Address: 00:d0:79:68:84:80
C3500XL INIT: Complete

SW3512XL>enable
SW3512XL#show boot
BOOT path-list: flash:c3500XL-c3h2s-mz-112.8.2-SA6.bin
Config file: flash:config.text
Enable Break: 1
Manual Boot: no
HELPER path-list:
NVRAM/Config file
 buffer size: 32768


Set up hostc as in Table 6-2. Ensure connectivity between hostc and the 3512XL with me in Examp 


Example 6-11. Ping Test from sw3512XL to hostc 


SW3512XL>ping 192.168.5.103
Sending 5, 100-byte ICMP Echos to 192.168.5.103, timeout is 2 seconds:
Success rate is 0 percent (0/5)

SW3512XL>show ip interface brief
Interface              IP-Address      OK? Method Status   Protocol
VLAN1                  192.158.5.99    YES NVRAM  up       up
FastEthernet0/1        unassigned      YES unset  down     down
FastEthernet0/12       unassigned      YES unset  down     down
GigabitEthernet0/1     unassigned      YES unset  down     down
GigabitEthernet0/2     unassigned      YES unset  down     down

SW3512XL>enable
SW3512XL#configure terminal
SW3512XL(config)#interface vlan1
SW3512XL(config-if)#ip address 192.168.5.99 255.255.255.240
SW3512XL(config-if)#end
SW3512XL#copy running-config startup-config

SW3512XL#show ip interface brief
Interface              IP-Address      OK? Method Status   Protocol
VLAN1                  192.168.5.99    YES manual up       up
FastEthernet0/1        unassigned      YES unset  down     down
FastEthernet0/11       unassigned      YES unset  up       up

SW3512XL#ping 192.168.5.103
Sending 5, 100-byte ICMP Echos to 192.168.5.103, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1004 ms


As you can confirm from the shaded output, I typed incorrectly when I put in the IP address. My fir
however, might have been that there is a cable problem. 


Move along to the 2900 CatOS-based switch. Clear the configuration and configure the switch as in 
12. 


Example 6-12. Clearing and Configuring the 2900 Using CatOS 


Cat2900> (enable) clear config all
This command will clear all configuration in NVRAM.
This command will cause ifIndex to be reassigned on the next system startup.
Do you want to continue (y/n) [n]? y
System configuration cleared.
Console> (enable) set system name sw2900
System name set.
sw2900> (enable) set interface sc0 1 192.168.5.98 255.255.255.240
Interface sc0 vlan set, IP address and netmask set.
sw2900> (enable) set interface sc0 up
Interface sc0 administratively up.
sw2900> (enable) show config


If you have one, set the Windows NT Server with 192.168.5.110/28 and a gateway of 192.168.5.9° 
ping test from the Windows NT Server to sw2900. Don't be concerned if you don't have a Novell Se 
Windows NT Server on your server farm. The advantage to having a server is you can turn on a rot 
protocol for the server to learn the routes out of the network if you have multiple ways out. Becaus 
really only has one way out, a default gateway serves the purpose just fine. After you set up the 2¢ 
router, use the router to test connectivity as in Example 6-14. 


When you cleared the CatOS box, the default name was console. You gave it a system name and c
configured a prompt to override the system name. The next part of the configuration is the sc0 por
stands for Supervisor Console 0. It is the in-band IP management port for the box (so you can teln
example). This is equivalent to the interface vlan# command in Example 6-9 for the IOS box. Th«
show config have been omitted here for brevity. However, show config in CatOS gives you abou
the show startup-config command you are familiar with on the router in IOS. You will have an op
look at it later.


All three of these switches portray the types of commands you need to support different Cisco swit 
The 1900 is kind of an overlay of the Cisco IOS. The 3500 series switches use the Cisco IOS, which
IOS you are used to on the routers. The older 2900s are often thought of as part of the 5000 series
because they use the set, show, and clear commands referred to as CatOS. This also is similar to
on the 6000/6500 switches used in many practical environments today. The section on IOS and Ca
help you support both operating systems over a variety of hardware platforms. 


Next, compare your physical topology to Figure 6-3, where I have provided a little more detail. Alt
may have experienced a little vagueness, the point of not telling you where to plug in the cables th 
emphasize that it really doesn't matter on a Layer 2 device (as long as the speeds are compatible). 
will be easier for you to follow along if you rearrange your physical connections to match the new c 
update your documentation appropriately. 


Figure 6-3. New Scenario Diagram 


[Figure labels: Server Farm (optional), GWISE, CatOS 192.168.5.98/28, 192.168.6.100/28]


The next task is to prepare the router you have been using for r3 per Figure 6-3. Erase the configu 


write erase or erase start and configure the router as in Example 6-13. 


Example 6-13. Configuring the Router 


Router(config)#hostname r3
r3(config)#enable secret donna
r3(config)#line vty 0 4
r3(config-line)#login
r3(config-line)#password donna
r3(config-line)#line console 0
r3(config-line)#logging synchronous
r3(config-line)#exit
r3(config)#interface fastEthernet 2/0
r3(config-if)#description r3fa2/0 to CatOS sw2900 2/3
r3(config-if)#ip address 192.168.5.97 255.255.255.240



r3(config-if)#no shut
r3(config-if)#exit
r3(config)#interface loopback 10
r3(config-if)#ip address 192.168.6.100 255.255.255.240
r3(config-if)#no shut
r3(config-if)#exit
r3(config)#router rip
r3(config-router)#network 192.168.5.0
r3(config-router)#network 192.168.6.0
r3(config-router)#end
r3#copy running-config startup-config


Now test to make sure the router can communicate with the hosts as in Example 6-14. 


Example 6-14. Ping Tests from the Router 


r3#ping 192.168.5.101 


Sending 5, 100-byte ICMP Echos to 192.168.5.101, timeout is 2 seconds: 


Success rate is 0 percent (0/5) 


r3#ping 192.168.5.102 


Sending 5, 100-byte ICMP Echos to 192.168.5.102, timeout is 2 seconds: 
Success rate is 0 percent (0/5) 

r3#ping 192.168.5.103 

Type escape sequence to abort. 


Sending 5, 100-byte ICMP Echos to 192.168.5.103, timeout is 2 seconds: 


Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms 


Example 6-14 clearly illustrates that r3 can ping hostc, (well at least four out of five times) but not 
hostb. Look at your current drawing to help you determine where to start troubleshooting. If r3 car 
hostc, check end-to-end physical connectivity between the router and the host as well as addressin 
You should have gleaned that the first ping from r3 to hostc was missed due to Address Resolution 


(ARP) and that the right half of the network is working but the left half is broken. Work your way o 
router to hosta and hostb to find the issues. Example 6-15 shows the port status of port 1/1 on the 


Example 6-15. Testing the 2900 


sw2900> (enable) show port 1/1 


Port Name Status Vlan Level Duplex Speed Type 


1/1 connected 1 normal half 100 100BaseTX 


Review the port status on the 1900 in Example 6-16. 


Example 6-16. Testing the 1900 


Catalyst 1900 - Usage Summaries
[P] Port Status Report
[A] Port Addressing Report
[E] Exception Statistics Report
[U] Utilization Statistics Report
[B] Bandwidth Usage Report
[X] Exit to Main Menu
Enter Selection: P

Catalyst 1900 - Port Status Report
1 : Enabled                 13 : Suspended-no-linkbeat
2 : Enabled                 14 : Suspended-no-linkbeat

Catalyst 1900 - Main Menu
[C] Console Settings
[S] System
[N] Network Management
[P] Port Configuration
[A] Port Addressing
[H] Help
[X] Exit Management Console
Enter Selection: P

Identify Port: 1 to 24[1-24], [AUI], [A], [B]:
Select [1 - 24, AUI, A, B]: A

Catalyst 1900 - Port A Configuration
Built-in 100Base-TX
802.1d STP State: Forwarding     Forward Transitions: 1
Auto-negotiation status: Half duplex


NOTE 


The main menu and other output have been eliminated from the display where you see... ins 
instances. 


The 2900 can get to the 1900 but not to the hosts, so continue to troubleshoot. Although not show 
can't communicate with hosta or hostb either. 


My PCs were used for other purposes and when I last configured hosta, for some reason it didn't ta
address. I had to set it for Dynamic Host Configuration Protocol (DHCP) and then manually configu
address to clear the problem. Hostb, on the other hand, did not shut down properly after the new ¢ 
configured, so it still had an old address on another subnet. The ipconfig/winipcfg tools are quite 
illustrating these types of issues on the hosts. Learning through an experience such as this one is v 


troubleshooting is all about. 
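
The two addressing faults met so far (the mistyped 192.158.5.99 on the 3512XL in Example 6-11 and a host left on another subnet) can be caught by checking every configured address against the lab subnet. The script below is an added example, not part of the book's lab files; the sample "show ip interface brief" text and the host inventory are constructed, and hostb's stale address (10.1.1.102) is a made-up value because the book does not give it.

```python
import ipaddress
import re

# Lab management subnet from the scenario text.
LAB_SUBNET = ipaddress.ip_network("192.168.5.96/28")

# Constructed sample: "show ip interface brief" as it looked before the fix.
SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status   Protocol
VLAN1                  192.158.5.99    YES NVRAM  up       up
FastEthernet0/1        unassigned      YES unset  down     down
GigabitEthernet0/1     unassigned      YES unset  down     down
"""

# Constructed inventory; hostb's stale address is a hypothetical value.
HOSTS = {
    "sw1900": ("192.168.5.100", "255.255.255.240"),
    "sw2900": ("192.168.5.98", "255.255.255.240"),
    "hosta": ("192.168.5.101", "255.255.255.240"),
    "hostb": ("10.1.1.102", "255.255.255.240"),
    "hostc": ("192.168.5.103", "255.255.255.240"),
}


def parse_ip_int_brief(text):
    """Return [(interface, ip_string)] for interfaces that carry an address."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+", line)
        if m:
            rows.append((m.group(1), m.group(2)))
    return rows


def one_octet_fix(addr, subnet=LAB_SUBNET):
    """If changing one octet yields a usable host address in subnet, return it."""
    octets = str(addr).split(".")
    net_octets = str(subnet.network_address).split(".")
    reserved = (subnet.network_address, subnet.broadcast_address)
    for i in range(4):
        candidate = octets.copy()
        candidate[i] = net_octets[i]
        fixed = ipaddress.ip_address(".".join(candidate))
        if fixed in subnet and fixed not in reserved:
            return fixed
    return None


def check_address(name, ip, mask=None, subnet=LAB_SUBNET):
    """Return a list of human-readable findings for one configured address."""
    findings = []
    addr = ipaddress.ip_address(ip)
    if mask is not None and ipaddress.ip_address(mask) != subnet.netmask:
        findings.append(f"{name}: mask {mask} does not match {subnet.netmask}")
    if addr not in subnet:
        fix = one_octet_fix(addr, subnet)
        if fix is not None:
            findings.append(
                f"{name}: {addr} is outside {subnet}, one octet away from {fix} (likely typo)"
            )
        else:
            findings.append(f"{name}: {addr} is outside {subnet} (stale or wrong subnet)")
    elif addr in (subnet.network_address, subnet.broadcast_address):
        findings.append(f"{name}: {addr} is the network or broadcast address of {subnet}")
    return findings


def audit():
    """Check the switch interface table and the host inventory together."""
    findings = []
    for ifname, ip in parse_ip_int_brief(SHOW_IP_INT_BRIEF):
        findings += check_address(f"sw3512XL {ifname}", ip)
    for name, (ip, mask) in HOSTS.items():
        findings += check_address(name, ip, mask)
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```
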


After fixing the host addresses, ping from the 2900 to the hosts and analyze the MAC address table 
Example 6-17. 


Example 6-17. Pinging the Hosts from the 2900 


sw2900> (enable) ping 192.168.5.101 

192.168.5.101 is alive 

sw2900> (enable) ping 192.168.5.102 

192.168.5.102 is alive 

sw2900> (enable) show cam dynamic 

* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry. X = Port Security Entry

VLAN  Dest MAC/Route Des    Destination Ports or VCs / [Protocol Type]

1     00-90-92-2a-76-9a     1/1 [ALL]
1     00-80-c7-aa-c8-87     1/1 [ALL]
1     00-50-04-df-5f-3c     1/2 [ALL]
1     00-10-4b-a5-ae-50     1/1 [ALL]
1     00-d0-79-68-84-8d     1/2 [ALL]


Total Matching CAM Entries Displayed = 5 


According to the 2900, the hosts are alive and there are entries in the content addressable memory) 
hosta, hostb, and hostc. 


NOTE 


It is often helpful to monitor the learned MAC addresses in the switch, to differentiate that Lay 
working, yet Layer 3 is not. On a CatOS switch, the command is show cam dynamic, and on 
switch the command is show mac-address-table. 


Now for the true end-to-end test, make sure the hosts can ping each other and the loopback on the 
First, view the IP configuration on hosta as in Example 6-18. Then perform the ping tests in Exame 


Example 6-18. hosta IP Configuration


C:\>ipconfig
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.5.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.240
        Default Gateway . . . . . . . . . : 192.168.5.97


Example 6-19. hosta ping Tests 


C:\>remark hosta pings itself
C:\>ping 192.168.5.101
Pinging 192.168.5.101 with 32 bytes of data:
Reply from 192.168.5.101: bytes=32 time<10ms TTL=128
Reply from 192.168.5.101: bytes=32 time<10ms TTL=128
Reply from 192.168.5.101: bytes=32 time<10ms TTL=128
Reply from 192.168.5.101: bytes=32 time<10ms TTL=128
Ping statistics for 192.168.5.101:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark hosta pings sw1900
C:\>ping 192.168.5.100
Pinging 192.168.5.100 with 32 bytes of data:
Reply from 192.168.5.100: bytes=32 time<10ms TTL=255
Reply from 192.168.5.100: bytes=32 time<10ms TTL=255
Reply from 192.168.5.100: bytes=32 time<10ms TTL=255
Reply from 192.168.5.100: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.5.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark hosta pings sw2900
C:\>ping 192.168.5.98
Pinging 192.168.5.98 with 32 bytes of data:
Reply from 192.168.5.98: bytes=32 time<10ms TTL=60
Reply from 192.168.5.98: bytes=32 time<10ms TTL=60
Reply from 192.168.5.98: bytes=32 time<10ms TTL=60
Reply from 192.168.5.98: bytes=32 time<10ms TTL=60
Ping statistics for 192.168.5.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark hosta pings the r3 loopback
C:\>ping 192.168.6.100
Pinging 192.168.6.100 with 32 bytes of data:
Reply from 192.168.6.100: bytes=32 time<10ms TTL=255
Reply from 192.168.6.100: bytes=32 time<10ms TTL=255
Reply from 192.168.6.100: bytes=32 time<10ms TTL=255
Reply from 192.168.6.100: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.6.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark hosta pings sw3512xl
C:\>ping 192.168.5.99
Pinging 192.168.5.99 with 32 bytes of data:
Request timed out.
Reply from 192.168.5.99: bytes=32 time=10ms TTL=255
Reply from 192.168.5.99: bytes=32 time<10ms TTL=255
Reply from 192.168.5.99: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.5.99:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 10ms, Average = 2ms

C:\>remark hosta pings hostc
C:\>ping 192.168.5.103
Pinging 192.168.5.103 with 32 bytes of data:
Reply from 192.168.5.103: bytes=32 time<10ms TTL=128
Reply from 192.168.5.103: bytes=32 time<10ms TTL=128
Reply from 192.168.5.103: bytes=32 time<10ms TTL=128
Reply from 192.168.5.103: bytes=32 time<10ms TTL=128
Ping statistics for 192.168.5.103:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark what a success


Whether you do it now or later (or had to already do it), set the passwords so that you can telnet t 


devices. The steps for changing the passwords start in Example 6-20 and go through Example 6-22
was set back in Example 6-13. I set/changed them all to donna for lab purposes. You should spend
researching passwords because there are lots of levels of control that you can take advantage of in 
environment. 


Example 6-20. 1900 Passwords 


Catalyst 1900 - Main Menu 
[C] Console Settings 
[S] System 
[N] Network Management 


[P] Port Configuration 


[H] Help 
[X] Exit Management Console 
Enter Selection: C 


Catalyst 1900 - Console Settings

Settings
[P] Password intrusion threshold                 3 attempt(s)
[S] Silent time upon intrusion detection         None
[T] Management Console inactivity timeout        None
[D] Default mode of status LED                   Port Status

Actions
[M] Modify password
[X] Exit to Main Menu

Enter Selection: M
The Management Console password can help prevent unauthorized accesses.
When specifying a password, use a minimum of 4 characters and
maximum of 8 characters. The password is case insensitive and
can contain any character with a legal keyboard representation.
For the user's protection, the password must be entered the same
way twice before it will be accepted.

Enter current password: *****
Enter new password: *****
Reenter to verify new password: *****

Password modified

Press any key to continue.


Example 6-21. 2900 Passwords (CatOS) 


sw2900> (enable) set password 
Enter old password: 

Enter new password: 

Retype new password: 

Password changed. 

sw2900> (enable) set enablepass 
Enter old password: 

Enter new password: 

Retype new password: 


Password changed. 


Example 6-22. 3512XL Passwords 


sw3512XL#configure terminal
sw3512XL(config)#enable secret donna
sw3512XL(config)#line vty 0 4
sw3512XL(config-line)#password donna
sw3512XL(config-line)#end
sw3512XL#copy running-config startup-config


Unless you have already done so, issue the commands in Example 6-23 from the hosta prompt to t 
access to all your switches. In the practical environment, DNS or host files would enable you to telr 
hostname rather than an IP address. Troubleshoot as necessary. 


Example 6-23. telnet Testing from hosta to the Switches 


C:\>telnet 192.168.5.100
C:\>telnet 192.168.5.99
C:\>telnet 192.168.5.98
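
The lab leaves the HTTP server reachable and sets every password to the same short string, which is exactly what a review of the management plane should flag before a configuration leaves the lab. The audit below is an added example, not code from the book; it reads commands as typed (cleartext, laid out with running-config indentation), both sample configurations are constructed from the commands shown in Examples 6-13 and 6-22 and the ip http server command named earlier, and the 8-character minimum is an assumed local policy.

```python
import re

# Constructed input: the lab commands laid out with running-config indentation.
LAB_CONFIG = """\
hostname sw3512XL
enable secret donna
ip http server
interface VLAN1
 ip address 192.168.5.99 255.255.255.240
line con 0
 logging synchronous
line vty 0 4
 password donna
 login
"""

# Constructed comparison: HTTP disabled, distinct and longer placeholder secrets.
TIGHTER_CONFIG = """\
hostname sw3512XL
enable secret EXAMPLE-enable-0001
no ip http server
line vty 0 4
 password EXAMPLE-vty-0002
 login
"""

MIN_LEN = 8  # assumed local policy, not a value from the book


def parse_sections(config):
    """Group indented child commands under the top-level command above them."""
    sections = []
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(text)
        else:
            sections.append((text, []))
    return sections


def audit_management_plane(config, min_len=MIN_LEN):
    """Return [(finding_code, where)] for management-plane weaknesses."""
    findings = []
    secrets = {}  # location -> cleartext value as typed

    for header, body in parse_sections(config):
        if header == "ip http server":
            findings.append(("http-enabled", header))
        # Only matches a secret typed in cleartext; a hashed "enable secret 5 ..."
        # line from a saved configuration has two tokens and is skipped.
        m = re.match(r"enable (?:secret|password) (\S+)$", header)
        if m:
            secrets["enable"] = m.group(1)
        if header.startswith("line "):
            for cmd in body:
                if cmd.startswith("password "):
                    secrets[header] = cmd.split(None, 1)[1]
            # "no login" on a vty line turns off the password check entirely.
            if header.startswith("line vty") and "no login" in body:
                findings.append(("vty-no-login", header))

    for where, value in secrets.items():
        if len(value) < min_len:
            findings.append(("short-password", where))

    owners_by_value = {}
    for where, value in secrets.items():
        owners_by_value.setdefault(value, []).append(where)
    for owners in owners_by_value.values():
        if len(owners) > 1:
            findings.append(("password-reuse", ", ".join(owners)))
    return findings


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_CONFIG), ("tighter", TIGHTER_CONFIG)):
        print(label, audit_management_plane(cfg))
```
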


You should still do many other little things to the Chapter 6 scenario, such as descriptions, speed a 
settings, logging synchronous, add some redundancy, and so on. Do it now, during my review topi 
the Trouble Tickets. 


NOTE 


Documentation and consistency are two things you can't do too much of in the support envirol 


For now, save any configurations that you haven't already and take some time to review the sectio 
segmentation, spanning tree, and the Cisco CLI to assist you in your day-to-day troubleshooting ar 
you for the Trouble Tickets. 


Segmentation Review 


Many times the network engineer is the referee between the users wanting more bandwidth and 
management wanting to put more people on the network. These issues may be political or real. 
A practical number of users on any one LAN segment depends a lot on the applications being 
used as well as the number of devices, distance constraints, traffic volume, and so on. 


Any way you look at it, networking is all about taking turns. Obviously, the more people you 
have to take turns, the more chaotic things can get. 


Hubs and repeaters really don't do a lot to assist with nodes taking turns; they are first rate for 
extending networks or collision domains, however. Other devices facilitate segmentation to 
assist with such constraints as distance and bandwidth limitations. The following subsections on 
repeaters (hubs), bridges, switches, and routers are meant as a quick review to assist you with 
supporting different devices. 


Repeaters (Hubs) 


Repeaters or hubs are Layer 1 devices that extend distance limitations, which in turn extends 
collision and broadcast domains. All stations on all segments (wires) see everything, good and 
bad; there is no filtering. Layer 1 devices are at the lower end of the OSI model and thus are not 
too intelligent. Take Ethernet, for instance; even though there are separate physical ports on a
hub effectively shaped like a physical star, logically Ethernet behaves as a bus. 


On a shared device such as a hub, you can estimate user bandwidth by dividing total bandwidth 
by the number of transmitting stations. No priority is given to one station over another. 
However, average and peak numbers are quite helpful for upgrading and replacement purposes. 
Layer 2 devices are more commonly used to connect users to the LAN today. 


NOTE 


In my discussion of repeaters and hubs, I am strictly referring to Layer 1 devices
(although there are hubs that work all the way up the OSI stack). 


Repeaters/hubs accept all bit streams and repeat them, whereas bridges/switches actively look 
at each frame and make a more intelligent decision. Look at them next. 


Bridges 


Bridges are Layer 2 devices that promiscuously listen to each and every frame. Bridges connect 
collision domains while keeping them independent. If 10 users are sharing 1 segment (1 Mbps 
each), for example, with a bridge you can get 2 (or maybe 3) segments with better access to 
bandwidth but still less than dedicated bandwidth. 


NOTE 


A bridge receives a frame on one segment (collision domain) and must decide whether 
to forward it to another segment (collision domain). I use the terms bridge and switch
interchangeably throughout this book. 


As Figure 6-4 depicts, Ethernet uses transparent bridging to forward traffic and the STP to avoid
loops, whereas Token Ring typically uses source route bridging. Source-route translational
bridging (SR/TLB) or routers offer Ethernet-to-Token Ring protocol translation. I highly
recommend Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, Second
Edition (Addison-Wesley), by Radia Perlman, who developed STP while she was working at DEC. 
She also reviewed the STP material in Cisco LAN Switching (Cisco Press), by Kennedy Clark and 
Kevin Hamilton, which belongs on everyone's shelf. 


Figure 6-4. 802.1D Ethernet Transparent Bridging Flow 
Decisions to forward, filter, or flood are based on the destination MAC address. The motto of
a bridge is "when in doubt, flood it out." However, all segments still belong to the same broadcast
domain. Layer 2 and Layer 3 addresses are not changed during transmission. 


NOTE 


The traditional 80/20 segmentation rule says that 80 percent of the traffic should be 
local and 20 percent remote. However, the exact opposite 20/80 rule is typical
today with high-speed backbones to support it.


Layer 3 addresses in general on bridges/switches are for remote management capabilities. For 
example, you added an IP address to each of the Layer 2 switches in the chapter scenario to be 
able to ping, telnet, or web into the devices because each port was not capable of its own IP 
address. 


NOTE 


Bridges/switches learn based on source address (SA) and filter or forward based on 
destination address (DA). A bridge/switch really doesn't care whether the SA and DA 
are on the same interface or port. It only cares about having learned the location of the 
DA. Even if the SA is unknown until this frame, forwarding may be accomplished by the 
DA. 


Switches 


Switches are more or less a marketing term for fast bridges. They are desktop connectivity 
devices capable of multiple broadcast domains through VLANs, the topic of the next chapter. 
Each wire segment has dedicated bandwidth assuming no hubs are attached. If 10 users are 
attached to a 10-Mbps hub, for example, that is about 1 Mbps each. Replace the hub with a 
switch to get a dedicated 10 Mbps each or 20 Mbps for full duplex. 


NOTE 


Most 10/100 hubs are actually mini hub-switch combinations. The 10 ports are shared 
(hub), the 100 ports are shared (hub), but there is a 2-port switch talking between the 
2 hubs. 


Advantages of switches include the following: 


• Application-specific integrated circuits (ASICs) to perform operations in hardware.
• More ports.
• Dedicated per-port bandwidth; simultaneous conversation support.
• Low latency.
• Aggregate bandwidth.
• VLAN capabilities to segment broadcast domains.
• Some level of security just by plugging users into a switch. (Consider what you don't see by
default with a protocol analyzer.) Can extend this with port security features.


Bridges/switches have a number of inputs just like our telephone system. If there are too many 
at one time, you get a busy signal—unless of course the switch has a nonblocking design with 
sufficient capacity. Line cards or port expansion modules are inserted into the backplane of the 
switch. Different cards communicate with each other by going through a high-speed switching 
fabric or they may have their own ASICs. Quality of service (QoS) provides congestion 
management within the switch to solve queuing issues. 


There are various switch forwarding types (modes) and frame sizes that obviously play an 
important role in transporting frames from one device to another that you should recognize in 
Figure 6-5 and Table 6-3. 


Figure 6-5. Switch Forwarding Types (Modes) 
Adaptive monitors the network for error levels and automatically adapts
to cut-through or fragment free.


Refer back to previous examples and figures to examine the switch forwarding types (modes) 
used in your lab. The default varies according to hardware model and software version. 


Table 6-3. Frame Sizes 


LAN/MAN Technologies | Minimum Frame Size in Bytes | Maximum Frame Size in Bytes
Ethernet             | 64                          | 1518
Token Ring (4 Mbps)  | 21                          | 4511
Token Ring (16 Mbps) | 21                          | 17839
FDDI                 | 28                          | 4500


Assuming no VLANs, bridges/switches assist with collision domains but not broadcast domains.
That is where routers or Layer 3 devices come in handy. 


Routers 


In addition to extending the network like bridges and switches, breaking up the collision
domains, and containing errors, routers also segment broadcast domains. Layer 3 devices filter
on Layer 3 addresses (such as IP), whereas Layer 2 devices filter on MAC addresses. Table 6-4
portrays the layered devices with the associated number of broadcast and collision domains. 


NOTE 


If you need a good example of how routers work, go back to Chapter 3 to review ARP 
and how it works via a local broadcast. The Layer 3 addresses stay the same from end 
to end, but Layer 2 addresses change. 


Table 6-4. Collision and Broadcast Domains 


Device | Broadcast domains | Collision domains
Hub    | 1                 | 1
Bridge | 1                 | 1 per wire
Switch | 1 per VLAN        | 1 per wire
Router | 1 per wire        | 1 per wire


While on the topic of routers, you should view the fa2/0 interface and hard code the speed and 
duplex as in Example 6-24. Although autonegotiation is present, I find it less problematic to hard
code this on switches and routers. Assuming your hosts do not move around, you can hard code 
it there, too. If you are not sure where people will be connecting into the network and whether it 
is 10 or 100 Mbps, however, autonegotiation was designed for such activity. 


Example 6-24. Hard Code Speed and Duplex on the Router 


r3#show interfaces fastethernet 2/0
FastEthernet2/0 is up, line protocol is up
  Hardware is AmdFE, address is 00b0.6481.e300 (bia 00b0.6481.e300)
  Description: r3fa2/0 to CatOS sw2900 2/3
  Internet address is 192.168.5.97/28
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, 100Mb/s, 100BaseTX/FX
r3#configure terminal
r3(config)#interface fastethernet 2/0
r3(config-if)#speed 100
r3(config-if)#full-duplex
r3(config-if)#end
r3#show interfaces fastethernet 2/0
FastEthernet2/0 is up, line protocol is up
  Full-duplex, 100Mb/s, 100BaseTX/FX


When the speed and duplex are hard coded, they show up in the configuration as you can see in 
Example 6-25. 


Example 6-25. Speed and Duplex in the Config File 


r3#show run interface fastethernet 2/0
interface FastEthernet2/0
 description r3fa2/0 to CatOS sw2900 2/3
 ip address 192.168.5.97 255.255.255.240
 no ip directed-broadcast
 speed 100
 full-duplex
end


NOTE 


Speed is actually more problematic than duplex, for connectivity does not happen with 
mismatched speeds. Mismatched duplex settings cause performance-type issues but 
normally not connectivity issues. 


After you hard code speed, autonegotiation is off. Make sure you know exactly what your device 
is doing. If you reset speed back to auto, for instance, you may be setting duplex back to auto as 
well. 


Configuration and proper segmentation are both critical to maintaining day-to-day operations 
and long-term optimization. Now I want to briefly chat about STP (the LAN treatment, not the
oil treatment), because it accounts for a significant amount of Layer 2 troubleshooting. 


STP 


Lots of things in networking are based on trees, branches, and leaves. STP is no exception. My 
intent is not to give you a book or chapter that tells you everything you need to know about STP, 
but rather to review the critical components and analyze it from the practical perspective. 


You, like many other network engineers, might consider STP to be one of those theory things that 
you never have to worry with in the practical world. However, the truth is STP accounts for more 
than half of the issues with configuring, maintaining, and supporting campus networks. 


STP is so critical because it is a dynamic loop prevention protocol for Layer 2. Time to live (TTL) 
does not exist at Layer 2; STP is what prevents frames from looping endlessly around the network. 
I know you would never intentionally create a bridge loop at Layer 2, but redundancy is a good
thing to build in to your environment to eliminate single points of failure. Redundancy may lead to 
bridge loops and bridge loops may lead to broadcast storms. This is not to say redundancy is bad, 
but a mechanism such as STP keeps it under control. 


Broadcast storms are feedback loops that occur in both directions. Want to see one? Just create a 
physical loop in your topology and turn off STP with a command such as set spantree disable 
[vlan#]. Do not do this in a production environment. 


NOTE 


In many places throughout this chapter I may give the IOS command or the OS command
(set, show, clear). This is one thing that makes supporting Cisco switches a little
challenging. In the section "The Cisco Command-Line Interface (CLI)," you will find some
helpful comparison sheets of the major commands you need for troubleshooting.


There is a DEC version and IEEE version of STP that, although similar, are not compatible. This
chapter focuses on only the IEEE version because that is what many of the Layer 2 Catalyst
switches support. However, Cisco routers and Layer 3 switches support multiple versions. For
example, the following command output shows you how to change this parameter on an IOS-based
switch if required to do so:


sw3512XL(config)#spanning-tree protocol ?
  dec   Digital spanning-tree protocol
  ibm   IBM spanning-tree protocol
  ieee  IEEE Ethernet spanning-tree protocol


Bridges dynamically form a tree of the physical topology by exchanging bridge protocol data units
(BPDUs). At first all ports send BPDUs out every two seconds to build the tree. The best ports are
forwarding and the alternate ports are blocking so as not to form bridge loops. See the STP decision
criteria in the following section. STP convergence requires the election of a root bridge, root ports,
and designated ports.


STP Decision Criteria 


Many decisions are made in STP: 


• Who is the root bridge?— Lowest BID. (I bet many of you can relate to that terminology.)
• How far away is the root bridge?— Lowest path cost (highest bandwidth) to root bridge.
• Who sent this BPDU?— Lowest sender BID.
• What port did this BPDU come from?— Lowest port ID.


It is helpful to think of the root bridge as a wagon wheel with spokes going out to the other
switches. Just like many other things in life, the lowest BID wins again. BID in the sense of STP is a
concatenation of the bridge priority and the 6-byte MAC address. By default the 2-byte priority field
is 32,768 decimal or 8000 hex, so the MAC address is really the tiebreaker.


Every non-root bridge must select a root port, which is the port closest to the root bridge. This
closeness is measured by the root path cost, which is the cumulative cost of all links leading to the 
root bridge. The STP costs are incremented as BPDUs are received on a port. 


Costs are associated with various LAN segments. The original IEEE 802.1D specification didn't 
really take into consideration Gigabit Ethernet, ATM, and 10 Gigabit Ethernet technologies. The 
original specification was a linear value derived from the formula 1000 Mbps divided by the 
bandwidth of a segment. An example for FDDI or Fast Ethernet is as follows: 1000/100 = 10. Table 
6-5 illustrates the latest IEEE path costs. 


Table 6-5. Latest IEEE STP Nonlinear Path Costs[*]


Bandwidth | Path Cost
4 Mbps    | 250
10 Mbps   | 100
16 Mbps   | 62
45 Mbps   | 39
100 Mbps  | 19
155 Mbps  | 14
622 Mbps  | 6
1 Gbps    | 4
10 Gbps   | 2


[*] Changes in bandwidth dictate software changes. This only ever happened once to go from a linear to a
nonlinear scale to account for the old and new schemes to interoperate.


NOTE 


Path cost and root path cost are not one and the same. Path cost is a value assigned to
each port. Root path cost is the cumulative cost to the root bridge.
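
The four decision criteria and the Table 6-5 costs, worked through on a small constructed topology. This is an added example, not code from the book: the switch names, MAC addresses, port numbers, and link speeds are assumptions, and it computes only the root bridge and each non-root bridge's root port.

```python
from dataclasses import dataclass, replace

# Table 6-5 nonlinear IEEE path costs, keyed by link bandwidth in Mbps.
PATH_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19,
             155: 14, 622: 6, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                # constructed MAC in Cisco dotted notation
    priority: int = 32768   # default 2-byte priority (8000 hex)

    @property
    def bid(self) -> bytes:
        """Bridge ID: 2-byte priority concatenated with the 6-byte MAC."""
        return self.priority.to_bytes(2, "big") + bytes.fromhex(self.mac.replace(".", ""))


# Constructed lab. Names, MACs, ports and link speeds are hypothetical.
BRIDGES = [Bridge("core", "0200.0000.0300"),
           Bridge("dist", "0200.0000.0200"),
           Bridge("access", "0200.0000.0100")]
# (bridge, port, bridge, port, Mbps)
LINKS = [("core", 1, "dist", 1, 1000),
         ("core", 2, "access", 1, 10),
         ("dist", 2, "access", 2, 100),
         ("dist", 3, "access", 3, 100)]   # parallel link, decided by port ID


def elect(bridges, links):
    """Return (root name, root path cost per bridge, root port per non-root bridge)."""
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bid)          # 1. lowest BID is the root
    cost = {b.name: None for b in bridges}            # None = no BPDU heard yet
    cost[root.name] = 0
    root_port = {}
    for _ in range(len(bridges)):                     # enough rounds to converge
        for b in bridges:
            if b is root:
                continue
            offers = []
            for a, pa, z, pz, mbps in links:
                for me, my_port, nbr, nbr_port in ((a, pa, z, pz), (z, pz, a, pa)):
                    if me == b.name and cost[nbr] is not None:
                        # Root path cost = neighbor's advertised cost plus the
                        # path cost of the port the BPDU arrives on.
                        offers.append((cost[nbr] + PATH_COST[mbps],  # 2. lowest cost
                                       by_name[nbr].bid,             # 3. lowest sender BID
                                       nbr_port,                     # 4. lowest sender port ID
                                       my_port))
            if offers:
                best = min(offers)                    # tuples compare in criteria order
                cost[b.name], root_port[b.name] = best[0], best[3]
    return root.name, cost, root_port


def with_priority(bridges, name, priority):
    """Copy of the bridge list with one bridge's priority changed."""
    return [replace(b, priority=priority) if b.name == name else b for b in bridges]


if __name__ == "__main__":
    print("default priorities:", elect(BRIDGES, LINKS))
    print("core priority 100: ", elect(with_priority(BRIDGES, "core", 100), LINKS))
```

With every priority left at the default, the access switch becomes root purely because it has the lowest MAC; lowering the priority on the core switch moves the root there, and the access switch then prefers the two-hop path (cost 4 + 19) over its direct 10-Mbps link (cost 100).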


Every segment elects a designated port based on the lowest cumulative root path cost (best) to the 
root bridge. Now that I have discussed root bridge, non-root bridge, root port, and designated
port, I want to mention nondesignated ports or ports that are in a blocking state. Blocking is not
truly blocking because the port must still listen for BPDUs unless of course you take advantage of
the new improved Rapid Spanning Tree Protocol (RSTP). Figure 6-6 displays the five STP states and
associated timers. 


Figure 6-6. STP Port States and Timers 
All ports start out in either a blocking or a disabled state and work their way to a forwarding state.
The disabled state is the one most people forget; it is when the port is administratively shut down. 
Ports are listening for BPDUs while they are in the blocking state in case there is a change in 
topology. The port transitions to a listening state where it is sending and receiving BPDUs to 
determine the current active topology. By default, a 15-second forward delay timer is associated 
with the listening state. The designated and root ports then progress to the learning state. There is 
then another 15-second forward delay time when tables are being built but still no user data has 
passed. Next the port transitions to the most wanted forwarding state, where it actually sends and 
receives user data. All ports that are not in a forwarding state at this point are in a blocking state. 
This entire process might sound slow and bad and make you want to turn STP off. Do not do it! 
(However, there are ways to tweak STP that I mention at the end of the section.) From a
troubleshooting perspective, the issues are whether anything breaks STP and causes a forwarding 
loop, and the impact of the delays on user traffic. Techniques such as RSTP, portfast, uplinkfast, 
and so on improve on the 20-year-old approach. See the practical STP and RSTP sections. 


As you have seen in previous chapters, tools such as Sniffer Pro are quite helpful to understand the 
interworkings of things. However, switches are not quite as free flow as hubs are when it comes to 
monitoring ports with protocol analyzers. Port monitoring, therefore, is a topic of necessary 
discussion. 


Port Monitoring 


Unlike hubs flooding to all ports, switches learn Layer 2 addresses so that they can filter and send 
only unicast traffic to the correct recipient. From a Sniffer standpoint, you will capture the 
broadcast-type frames but miss a lot of unicast frames unless you intentionally monitor the right 
ports. Essentially you must select a port to receive or mirror the traffic you want to capture. This is 
called the SPAN port and has nothing to do with STP. The source SPAN port(s) or ingress ports are 
where traffic enters the switch, and the destination SPAN port or egress port is where the network 
analyzer is connected. 


Configuring port monitoring on an IOS-based switch is as simple as going to the destination
interface where the Sniffer is located and getting into interface configuration mode. Turn on port 
monitoring for each individual port you want to act as a source. If you just issue the port monitor 
command, all ports in the same VLAN are monitored. Use show port monitor to see the results. 


On a CatOS-based switch, you need to turn on SPAN, the Catalyst switched port analyzer. It 
enables you to mirror the data from one port, trunk, or VLAN to another port so that you can 
monitor it. This command turns STP off on the mirrored port. Use set span help for assistance. For
example, set span 1/1 2/1 both takes the transmit (Tx) and receive (Rx) traffic source of port
1/1 and mirrors it to port 2/1 for monitoring. The inpkts option determines whether frames emitted
by the SPAN collector are processed or ignored. Use show span to see the results. Use commas 
and dashes to specify multiple ports. 


NOTE 


Cisco has a great tech note on configuring the catalyst SPAN feature at 
www.cisco.com/warp/public/473/41.html (if you need more details). 


Port monitoring and SPAN are one and the same. It just depends whether you are on an IOS-based
switch or a CatOS-based switch. Look at Figure 6-3 and contemplate how you can monitor the
traffic using a tool such as Sniffer Pro. Although I wanted to briefly mention port monitoring, the
real goal at this point in time is to analyze BPDUs. 


Analyzing BPDUs 


Analyze the configuration BPDU Sniffer capture in Figure 6-7. You will capture your own data in the 
Trouble Tickets. 


Figure 6-7. Configuration BPDU 
Configuration BPDUs flow from the root bridge to others. A BPDU is an IEEE 802.3 frame with
802.2 LLC SAP header. The Type is 0 because it is a configuration BPDU rather than a topology 
change BPDU. The root bridge at the time of this capture was the CatOS sw2900 that has a MAC 
that ends in 1400. The default priority is 8000 hex. The root path cost is 10. The sending BID is 
from the sw1900 that has a MAC that ends in 7680. The max age is 20 seconds, the hellos are 
every 2 seconds, and the forward delay is 15 seconds as discussed earlier. Compare Figure 6-7 to 
the following headers: 


• 802.3 header:
   - Source MAC is the Catalyst port that sent the BPDU.
   - Destination MAC is the IEEE 802.1D STP multicast address 0180c2000000.

• LLC header:
   - DSAP and SSAP are both 0x42 for STP.

• The configuration BPDU:
   - Protocol ID: Always 0.
   - Version: Always 0.
   - Type: 0 for configuration BPDU; 0x80 for topology change notification (TCN BPDU).
   - Flags: Topology change or acknowledgement.
   - Root BID: Concatenation of priority and MAC to form the bridge ID for the root bridge.
   - Root Path Cost: Cumulative cost of links toward the root bridge.
   - Sender BID: Bridge ID of the sender of the BPDU.
   - Port ID: Unique value for port that sent the BPDU.
   - Message Age: Time since the root bridge first created this BPDU. This is not max age.
     Think of it like a reverse TTL where 1 is added at every bridge hop.
   - Max Age: Time period to save BPDU information.
   - Hello Time: Time interval between BPDUs.
   - Forward Delay: For listening and learning states.
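
The field layout listed above, decoded in Python as an added example (not code from the book). The sample frame is constructed from the values the text reads out of Figure 6-7; the leading MAC bytes, source MAC, port ID, and message age are assumptions, and the field widths and 1/256-second timer units follow IEEE 802.1D.

```python
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")   # IEEE 802.1D destination MAC
STP_SAP = 0x42                                  # DSAP and SSAP value for STP
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80
FLAG_TC, FLAG_TCA = 0x01, 0x80                  # topology change / acknowledgement


def _bid(raw: bytes) -> dict:
    """Split an 8-byte bridge ID into its 2-byte priority and 6-byte MAC."""
    return {"priority": int.from_bytes(raw[:2], "big"), "mac": raw[2:].hex(":")}


def parse_bpdu(frame: bytes) -> dict:
    """Decode an 802.3/LLC frame carrying an 802.1D BPDU (FCS already stripped)."""
    if len(frame) < 21:
        raise ValueError("too short for 802.3 + LLC + BPDU header")
    dst, src, length = struct.unpack("!6s6sH", frame[:14])
    if dst != STP_MULTICAST:
        raise ValueError("destination is not the STP multicast address")
    if length > 1500:
        raise ValueError("Ethernet II type field, not an 802.3 length")
    if frame[14] != STP_SAP or frame[15] != STP_SAP:
        raise ValueError("DSAP/SSAP are not 0x42")
    proto, version, btype = struct.unpack("!HBB", frame[17:21])
    if proto != 0 or version != 0:
        raise ValueError("protocol ID and version must be 0 for 802.1D")
    out = {"src_mac": src.hex(":"), "type": btype}
    if btype == TYPE_TCN:
        return out                      # a TCN BPDU ends after the type field
    if btype != TYPE_CONFIG or len(frame) < 52:
        raise ValueError("unknown BPDU type or truncated configuration BPDU")
    (flags, root, cost, sender, port,
     msg_age, max_age, hello, fwd) = struct.unpack("!B8sI8sHHHHH", frame[21:52])
    out.update({
        "topology_change": bool(flags & FLAG_TC),
        "topology_change_ack": bool(flags & FLAG_TCA),
        "root": _bid(root),
        "root_path_cost": cost,
        "sender": _bid(sender),
        "port_id": port,
        # Timers are carried in units of 1/256 second.
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd / 256,
    })
    # Max age plus one forward delay each for the listening and learning states.
    out["convergence"] = out["max_age"] + 2 * out["forward_delay"]
    return out


def build_sample() -> bytes:
    """Constructed frame: priority 8000 hex, root MAC ending 1400, sender ending 7680."""
    root = struct.pack("!H", 0x8000) + bytes.fromhex("020000001400")
    sender = struct.pack("!H", 0x8000) + bytes.fromhex("020000007680")
    bpdu = struct.pack("!HBBB8sI8sHHHHH", 0, 0, TYPE_CONFIG, 0, root, 10, sender,
                       0x8001, 1 * 256, 20 * 256, 2 * 256, 15 * 256)
    llc = bytes([STP_SAP, STP_SAP, 0x03])
    src = bytes.fromhex("020000007681")             # constructed sending port MAC
    header = STP_MULTICAST + src + struct.pack("!H", len(llc) + len(bpdu))
    return (header + llc + bpdu).ljust(60, b"\x00")  # pad to 64-byte minimum less FCS


if __name__ == "__main__":
    for field, value in parse_bpdu(build_sample()).items():
        print(f"{field:20} {value}")
```

Run against frames exported from a SPAN capture, the same function gives a quick way to confirm that the root BID and timers on the wire match what you documented in your baseline.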


STP convergence time is 20 max age + 30 for the two 15-second forward delays, for a total of 50 
seconds. Tools such as Sniffer Pro and the CatOS or IOS spanning-tree commands in Table 6-7 or
even more automated tools such as the CiscoWorks Campus Manager can lend a hand in drawing a
very informative Layer 2 STP diagram to assist you in supporting STP issues. 


TCN BPDUs are one way to speed up this convergence. They flow from the spoke bridges to the 
center of the wheel root bridge to let the root bridge know that the topology has changed. You 
analyze TCNs in more detail in the Trouble Tickets. 


Tuning STP in a Practical Environment 


As you can see, STP is quite complex, but necessary to avoid Layer 2 broadcast storms. Think of it 
as the Layer 2 "TTL." The following items and commands are suggestions for tuning STP in a
practical environment: 


• Create a design hierarchy including Layer 3 switches rather than a flat network.


• Understand how STP works, particularly on your network. Draw pictures of what you have and
what you will have after a failure. Use tools such as the Campus Manager CWSI STP mapping
tool to get a good Layer 2 picture.


• Plan root bridge placement. Centrally locate them close to heavy traffic destinations and don't
choose your lowest caliber switch. The set spantree priority priority [vlan] command
enables you to adjust the priority of a switch on a VLAN basis, and with Cisco there is one
instance of STP per VLAN. Alternatively, set spantree root is a macro that places its results
in the configuration file.


• Set more than one root bridge in case of failure. The backup acts like a hot standby until
needed. For example, type set spantree priority 100 1 on one switch to make it the
primary. Use set spantree priority 200 1 on another switch to configure it as the backup
root bridge. VLAN 1 is the default, and therefore is really not necessary in this example.
However, you must specify the VLAN if different from VLAN 1.


• Do not use set spantree portvlanpri for back-to-back switch load balancing. Use Fast or
Gigabit EtherChannel instead.


• Use port/VLAN cost load balancing in situations where you can't use the root bridge form of
load balancing. For example, set spantree portvlancost 2/1 cost 2000 10 assigns a path
cost of 2000 to port 2/1 for VLAN 10 on the trunk.


• Turn on portfast and disable Port Aggregation Protocol (PAgP) for hosts. Some PCs boot faster
than the time it takes STP to go through its blocking, listening, learning, and forwarding
states. However, you can't turn off STP for an individual port. Portfast essentially skips the
steps prior to the forwarding and immediately starts the port in a forwarding state when it
first initializes. Practical places to implement portfast include Microsoft hosts looking for a
domain controller or DHCP server or Novell clients that never seem to find the login screen
upon boot up. In most cases it is not necessary to enable portfast on servers because they
rarely reboot. The set spantree portfast 2/1-12 enable command sets portfast on for ports
1 through 12 on module 2. If port 1 connects this switch to another, however, you do not
want portfast on for that port, so you can disable it with set spantree portfast 2/1 disable.
Use show spantree 1 to see the results (assuming this is VLAN 1).


CAUTION 


Use portfast only when connecting a single host to an access port, otherwise you are 
asking for a network loop. 


• BPDUguard assists with helping you find invalid configurations of portfast. In a valid
configuration, the portfast ports do not receive BPDUs. In an invalid configuration, they do
and STP places the port in a blocking state. Enable BPDUguard with set spantree portfast
bpdu-guard enable so that STP automatically shuts the portfast port down if it receives a
BPDU to recalculate STP.


• Enable uplinkfast on wiring closet switches (STP leaves) but not in the core for root port
optimization for directly connected failed links. Uplinkfast is for dual-homed access layer
switches or any similar topology. Don't do this on root bridges or transit switches. Enable
uplinkfast with set spantree uplinkfast enable and view your changes with show spantree
uplinkfast.


• Enable backbonefast using set spantree backbonefast enable on every switch in your
network to assist with indirect failures and optimize max age.


• Verify such features as BPDUguard, uplinkfast, and backbonefast with show spantree
summary.


• With EtherChannel it is normally best practice to set the ports to desirable. The following
command sets port 2/1 to desirable: set port channel 2/1 desirable.


• Take advantage of the IEEE RSTP/Multiple STP (MSTP) where possible. See the "Rapid STP
(RSTP)" section.


The commands for tuning STP in a practical environment are all given in the CatOS syntax. 
However, you can compare the IOS equivalent commands in Table 6-7.


Rapid STP (RSTP) 


Although VLANs and trunking are the topic of the next chapter, they are certainly a related topic
when it comes to STP. Cisco enhanced the original IEEE 802.1Q standard with features such as
portfast, uplinkfast, and backbonefast, per VLAN STP (PVST+), and Multiple Instance STP (MISTP),
but they are proprietary. Although not a standard yet as of this writing, RSTP IEEE 802.1w is
available in newer versions of the IOS and is backward compatible with 802.1D STP. It was first
implemented in CatOS 7.1 and IOS 12.1(11)EX as Multiple STP (MSTP). CatOS 7.5 and IOS
12.1(13)E offer RSTP where the switch runs an RSTP instance on each VLAN, like the Cisco PVST.
Compare the 802.1D and 802.1w port states in Table 6-6.


Table 6-6. Compare STP 802.1D and 802.1w Port States 


IEEE 802.1D STP                       | IEEE 802.1w RSTP
Disabled (administratively shut down) | Discarding
Blocking                              | Discarding
Listening                             | Discarding
Learning                              | Learning
Forwarding                            | Forwarding


The end result is the same for STP or RSTP, but the overall STP convergence is much improved with
the latter (50 seconds to 1 second). The main reason is the way topology changes are detected and
propagated. The initiator of the topology change directly forwards the change throughout the 
network instead of waiting for the root bridge to do so. Although the inherent fast convergence 
benefits are lost when your network includes legacy bridges, STP and RSTP are compatible. 


MSTP IEEE 802.1s uses RSTP to provide very fast convergence, as well as to group VLANs into an 
instance of STP to provide multiple forwarding paths and load balancing. A big advantage is that a 
failure in one instance doesn't affect another STP instance. Although not a standard yet as of this 
writing, MSTP was released in CatOS version 7.1 via the following command: set spantree mode 
MST. By default, all VLANs are in instance 0 unless you use the set spantree MST 20 vlan 1-6,12
command. This puts ports 1 through 6 and 12 in MST instance 20. To commit the changes, use set
spantree MST config commit. In IOS there is a separate mode for MSTP configuration. When you
are in global config mode, enter MSTP config with spanning-tree mst configuration, where you
enter the instance ID and VLAN range.


NOTE 


For an excellent white paper explaining how RSTP works and the command set, see
http://cco-rtp-1.cisco.com/en/US/tech/tk389/tk689/technologies_white_paper09186a0080094cfa.shtml.


Cisco switches have certainly evolved over the years. They are easy to configure, maintain, and 
support when you maintain a good balance of hierarchical routing and switching, not flat networks.
As discussed in the "STP" and "Rapid STP (RSTP)" sections, Cisco has their own improvements to 
the current STP standards, and IEEE has a few in the works. You should also consider the idea of 
using point-to-point links as Layer 3 networks for fast failover rather than the 50-second STP 
convergence. 


As mentioned in the early chapters of this book, the Core, Distribution, and Access Layers describe 
Cisco's three-layer tiered hierarchy in which switches and routers are both important components. 


Many times you will see the following acronyms in use for the layers: 


• IDF— Intermediate distribution frame (Access Layer)
• MDF— Main distribution frame (Distribution Layer)
• MDF to MDF— Core Layer

The layered hierarchy is more of a design focus, and obviously a good design helps things run well
and lessens support issues. However, next I want to focus more on the evolution of the software on
Cisco switches to assist you with analyzing common issues.


The Cisco CLI 


Cisco's IOS maintains the same look and feel across the entire router family of products.
Unfortunately, I can't say the same for the entire switch family of products. However, it is a Cisco ¢
for that to occur one day. The reason for the two main command sets of the switches is basically
evolutionary, partly Cisco and partly their acquisition of products with a good installed base. Some of
these products are listed here:


• Grand Junction 1900 and 2800 switches use a main menu display where you select a letter.

• Kalpana 3000 series switches have you move through menus by highlighting an option using
arrow keys and pressing Enter rather than a letter (like the Grand Junction products).

• Crescendo 2900 and 5000 series introduced the CatOS.
• Cisco developed switches such as the 2900XL and 8500 families that use the Cisco IOS.
• The 5000 and 6000 use a slightly different CLI from others.


As you can see, switches are very much a multivendor experience. Instead of discussing history and
vendors, I want to spend some time comparing the CatOS and IOS for support purposes.


NOTE 


Besides being familiar with the software, it is a good idea to have the right console connector 
and cable in your tool bag. Always carry a 9-pin and 25-pin console connector with plenty of 
reliable cables. Be prepared for straight-through, crossover, and rollover situations. 
Generally IOS devices need a rolled console cable (1 to 8, 2 to 7, 3 to 6, and 4 to 5), and
COS devices need a straight cable. 


CatOS-Based Switches 


Now if you don't like all the modes and separate histories with the routers, you might actually enjoy
the CatOS. The normal mode is like user mode on the router, and the privileged exec (enable) mode is
the configuration mode. Set, show, and clear commands are issued from the enable mode. It annoys
me that you can't enter show commands while in configuration mode in IOS. Although you don't need
to be as concerned with modes, with CatOS it is very easy to prematurely enter something you don't
mean to when all you want is help. Just remember to type the question mark (?) so that you don't fall
into that trap. CatOS examples include: 2900, 4000, 5000, and 6000.


NOTE 


See the Technical Assistance Center (TAC) for common CatOS/IOS error messages on Cisco 
Catalyst switches for your particular switch. 


Set commands are used to configure or overwrite. Show commands are used to view, and clear 
commands are used to either reset or delete. For example, clear config all through a telnet sessic 
a career-limiting move (CLM) because you clear not only the VLANs, STP, and Supervisor module k 
to its defaults, but you also wipe out the management IP address. Just in case you don't follow my 
logic here, you no longer have a telnet session to the box. The same type of situation can occur wit 
making changes to the IP, mask, or VLAN associated with sc0.


NOTE 


The clear config all does not clear ATM LAN emulation (LANE) module or Route Switch
Module (RSM) configurations. Go to these modules with the session mod# command, which
is like an internal telnet, so that you can make module changes. Use show module to view
the cards installed on the box. These modules use the IOS commands rather than the CatOS.
On the 6000/6500, the same holds true for a Multilayer Switch Feature Card (MSFC).


Like the 1900, the Catalyst 5000 automatically stores your configuration changes to NVRAM, where
the IOS requires a write mem or copy run start. Obviously there is good and bad to this. Depenc
on your environment, you can reload if you haven't saved your running configuration to the startur
configuration and all changes will be gone with IOS-based devices. CatOS devices maintain the
configuration changes even through a reload. As a little tip, you can copy your configuration to 
Notepad. Use set length 0 to inhibit pagination. Issue show config to capture the current 
configuration. Now if you goof on your changes, you can clear config all and use the current 
configuration you captured. 
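The capture-and-compare tip above, as an added example that is not from the book: a short Python script that diffs a baseline show config capture against a later one and singles out changes to sc0, the lines that can cut off a telnet session. Both captures are constructed samples, the function names are hypothetical, and the "#"/"!" comment lines and the "--More--" pagination marker are assumptions about how the captured text looks.

```python
"""Diff two captured CatOS 'show config' outputs (added example, constructed data)."""

# Constructed baseline, captured after 'set length 0' and 'show config'.
BASELINE = """\
begin
#system
set system name sw2900
set system contact donna harrington 410-123-4567
#ip
set interface sc0 1 192.168.5.98 255.255.255.240
set ip route default 192.168.5.97
#snmp
set snmp community read-only public
#spantree
set spantree portfast 2/4-5 enable
end
"""

# Constructed later capture: sc0 moved to VLAN 2, portfast gone, syslog added.
LATER = """\
begin
#system
set system name sw2900
set system contact donna harrington 410-123-4567
#ip
set interface sc0 2 192.168.5.98 255.255.255.240
set ip route default 192.168.5.97
#snmp
set snmp community read-only public
#syslog
set logging server 192.168.5.17
end
"""

COMMENT_PREFIXES = ("#", "!")      # assumed section/comment markers
WRAPPER_WORDS = {"begin", "end"}   # assumed first and last lines of the capture
MGMT_PREFIX = "set interface sc0"  # management interface line from Table 6-7


def config_lines(capture):
    """Return the configuration commands of a capture, in order."""
    lines = []
    for raw in capture.splitlines():
        line = " ".join(raw.split())  # normalize spacing from copy and paste
        if "--More--" in line:
            # A paginated capture is incomplete, so refuse to compare it.
            raise ValueError("capture is paginated; use 'set length 0' and recapture")
        if not line or line.startswith(COMMENT_PREFIXES) or line in WRAPPER_WORDS:
            continue
        lines.append(line)
    return lines


def diff_configs(baseline, later):
    """Lines only in the baseline ('removed') and only in the later capture ('added')."""
    old, new = config_lines(baseline), config_lines(later)
    old_set, new_set = set(old), set(new)
    return {
        "removed": [line for line in old if line not in new_set],
        "added": [line for line in new if line not in old_set],
    }


def management_changes(diff):
    """Changed lines that touch the IP, mask, or VLAN of sc0."""
    changed = diff["removed"] + diff["added"]
    return [line for line in changed if line.startswith(MGMT_PREFIX)]


if __name__ == "__main__":
    result = diff_configs(BASELINE, LATER)
    for line in result["removed"]:
        print("- " + line)
    for line in result["added"]:
        print("+ " + line)
    for line in management_changes(result):
        print("sc0 change, make it from the console: " + line)
```

The "removed" list is what you would paste back from the baseline capture; the "added" list still needs a manual review for the matching clear command.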


NOTE 


On a CatOS device, show config all displays the defaults, too. 


From a support standpoint, it is important to understand show commands, system commands, 
configuration and operating system commands, spanning-tree commands, logging and monitoring 
commands, network management commands, and others. It is critical to know how to get into the 
locally and remotely. Table 6-7 contains some helpful examples of commands. 


Table 6-7. Catalyst OS and IOS Commands


CatOS - 2900/4000/5000/6000 | IOS - 2900XL/3500XL


Show commands

show cdp neighbors | >show cdp neighbors
show module | >show module
show version | >show version
show config/write terminal | #show config/show start
show arp | >show arp
show cam dynamic | #show mac-address-table
show port | #show interfaces
 | #show interface status


System commands

enable | >enable
show system |
show test | #show diag
set password | (config)#line console 0
 | (config-line)#password donna
set enablepass | (config)#enable password donna
set system name sw2900 | (config)#hostname sw3512xl
set prompt sw2900 |
set time monday 11/25/02 07:00:00 | #clock set 07:00:00 25 nov 02
set interface sc0 1 192.168.5.98 255.255.255.240 | (config)#interface vlan1
 | (config-if)#ip address 192.168.5.99 255.255.255.240
show interface | #show interface vlan1


Port configuration commands

set port name 1/1 hosta | (config)#interface fa0/1
 | (config-if)#description fa0/1 to 2900
set port speed 2/4-5 10 | (config)#interface range fa0/4 - 5
 | (config-if)#speed 10
set port speed 2/3 100 | (config-if)#speed 100
set port duplex 1/1 full | (config-if)#duplex full
set port disable 1/1 | (config-if)#shut
set port enable 1/1 | (config-if)#no shut
show port | #show interfaces
show port status | #show interface status
 | #show ip interface brief
set module enable 2 |
set module disable 2 |
show module | #show module
set trunk 1/1-2 on | (config)#interface fa0/12
 | (config-if)#switchport mode trunk
show trunk | #show interface fa0/12 switchport


Port security

 | (config)#interface fa0/1
 | (config-if)#switchport mode access
set port security mod#/port# enable mac-addr | (config-if)#switchport port-security mac-address mac-addr
 | (config-if)#switchport port-security
set port security mod#/port# maximum value | (config-if)#switchport port-security maximum value
set port security mod#/port# violation ? | (config-if)#switchport port-security violation ?
 | (config-if)#end
show port security | #show port-security ?
clear port security mod#/port# ? | (config-if)#no switchport port-security


Spanning tree

 | (config)#interface fa0/1
set spantree portfast 2/4-5 enable | (config-if)#spanning-tree portfast
show spantree 1 | #show spanning-tree vlan 1
show port spantree 2/4 | #show spanning-tree interface fa0/1
 | #show spanning-tree
set spantree portfast bpdu-guard enable | (config)#spanning-tree portfast bpduguard
show spantree summary | #show spanning-tree summary totals
set spantree priority 100 1 (primary) | (config)#spanning-tree priority 100
set spantree priority 200 1 (backup) | (config)#spanning-tree priority 200
set spantree root (macro) |


Logging and management commands

set logging timestamp enable | (config)#service timestamps log ?
 | (config)#service timestamps debug ?
set logging console disable | (config)#no logging console
set logging server 192.168.5.17 | (config)#logging 192.168.5.17
set logging level all 7 (facility severity default) | (config)#logging ?
show logging ? | >show logging ?
set trace ? | #debug
show trace | #show debug
show history | >history
set span 1/1 2/5 both inpkts | (config)#interface fa0/12
 | (config-if)#port monitor (monitors all ports to fa0/12)
 | (config-if)#port monitor fa0/2 (monitors port 2 to port 12)
show span | #show port monitor
 | #show monitor


SNMP[*] and RMON[**]

set system contact donna harrington 410-123-4567 | (config)#snmp-server contact donna harrington 410-123-4567
set system location bldg rm rack loc | (config)#snmp-server location bldg rm rack loc
set snmp community read-only public | (config)#snmp-server community public ro
set snmp trap 192.168.5.101 public | (config)#snmp-server host 192.168.5.101 public
set snmp trap enable | (config)#snmp enable traps snmp
show snmp | #show snmp
set snmp rmon enable | (config)#rmon ?
 | >show rmon statistics


IP host commands

set ip route default 192.168.5.97 | (config)#ip default-gateway 192.168.5.97
show ip route | >show ip route


Configuration management

Automatic | #copy run start/write mem (save config)
write 192.168.5.101 catos.cfg | #copy run tftp/write net (copy config to tftp)
configure 192.168.5.101 catos.cfg | #copy tftp run/configure net (copy config from tftp)


Operating system management

copy flash tftp | #copy flash:catios.bin tftp:
upload 192.168.5.101 catos.bin |
copy tftp flash | #copy tftp://<ip>/catios.bin flash:newios.bir
download 192.168.5.101 catos.bin |
reset system | #reload


VLANs and VTP[1]

 | #vlan database
set vtp domain donna | (vlan)#vtp domain donna
set vtp mode transparent | (vlan)#vtp transparent
vlan 2 name eng type ethernet | (vlan)#vlan 2 name eng media ethernet
show vlan | (vlan)#show
clear vlan 2 | (vlan)#no vlan 2 name eng media ethernet
show vtp domain | (vlan)#exit
 | #show vtp status


[*] SNMP = Simple Network Management Protocol
[**] RMON = Remote Monitoring
[1] VTP = VLAN Trunking Protocol


NOTE 


Check out the newer methods for configuring VLANs at 

www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12111eal1/scg/swvlan.htm#xtocid7.
This is preferable because the VLAN information is part of the textual configuration rather 
than in a separate vlan.dat file. 


IOS-Based Switches


The IOS-based switches use basically the same IOS as Cisco routers. Examples include 2900XL,
3500XL, 6000, and 3550. A practical example today is the 6500 running in native mode. Switch
troubleshooting tools such as CiscoWorks, RMON, LED indicators, ping, telnet, Cisco Discovery Prot
(CDP), SPAN, various show commands, and debug are quite helpful if in fact you understand what
are looking at. Debug is not available on the CatOS like it is on the IOS switches.


The next section provides a quick overview of the terminology associated with the Cat5000/Cat600 
architecture. For more details on this topic, refer to the other Cisco Press titles and Cisco.com. 


Cat5000/Cat6000 Architecture 


Besides the ports, several other components make up the overall architecture of a switch. The 
switching engine makes decisions, and the switch memory buffers frames from port to port. The 
switching fabric connects all the components together. For example, devices such as the Catalyst 
2900XL, 3500XL, and 4000 deploy a shared memory fabric where all ports share the same 
memory pool. The Cat5000 and Cat6000 are store-and-forward switches that use a switching
bus architecture arbitration method where a central bus arbiter works with an arbiter on each 
line card to control queuing for each port. The 6500 with a fabric module installed deploys a 
crossbar fabric whereby hardware-based ASICs provide many switching paths; this is also 
known as a nonblocking architecture. Nonblocking in a nutshell means that the switch has more 
bandwidth than all the ports together. The 6500 can also deploy a local switching fabric so local 
ports do not have to go through the switching fabric. Modular switches dedicate slot 1 for the 
Supervisor Engine that monitors system components as well as the switching functions within 
the switch. This list contains some common terminology and functionality of the 5000: 


• Ethernet ports use a custom ASIC called Synergy Advanced Interface and Network
Termination (SAINT).
• Other ports use a custom ASIC called Synergy Advanced Gate-Array Engine (SAGE).
• Encoded Address Recognition Logic (EARL) is an ASIC that works with bus arbitration for
packet transfers.
• The Network Management Processor/Master Control Processor (NMP/MCP) aggregates data
from processes such as SNMP and RMON and includes information from STP, CDP, and VTP.
• Built-in Gate Array (BIGA) connects the NMP to the 1.2-Gbps bus.
• Line-module Communication Processor (LCP)
• A typical Catalyst power-up self-test includes such things as an LED check, memory test,
and address recognition logic such as ROM, RAM, EARL, and BootROM. Figure 6-8 gives you
a visual of one of the higher-end modular Catalyst 6000 family devices in case you don't
have anything like this in your lab.


Figure 6-8. Catalyst 6509 Series Switches 
With its drastic increase in capacity and throughput, the Cat6000 is a very powerful big
brother/sister to the 5000 series. If you are familiar with the 4000 or 5000, you are well on your
way to supporting the 6000s. CatOS and the native IOS modes are both available, although not
all features are supported in both. The following list contains some common terminology and
functionality of the 6000:


• The Catalyst switch processor (SP) controls system operation, port management, and
services such as STP, VLANs, VTP, Internet Group Management Protocol (IGMP), DDSN
Transfer Protocol (DTP), and provides the physical console connection during the initial
boot.
• The MSFC is the route processor (RP) that provides Layer 3 functionality and controls the
CEF table so that all routing takes place in hardware. It controls services such as CDP and
PAgP and provides the physical console connection after the system is up and running.
• The MSFC may have a policy feature card (PFC) as a daughter card. This provides QoS
capabilities and security features such as virtual access control lists (VACLs).
• Hybrid mode. CatOS on the Supervisor for Layer 2 forwarding and IOS on the MSFC (which
is optional) for Layer 3 forwarding. CatOS is the default for this mode.
• Native mode. Integrated single IOS image on the Supervisor with only a bootloader image
on the MSFC. Operates as a Layer 3 router by default.
• Use the show version command to see which mode you are using. If you see MSFC in the
image name, you know you are in the hybrid mode; whereas if you just have an image with
sup for supervisor, you are operating in integrated IOS or native mode.


Regardless of the device, pay particular attention to the LED status and ports to assist you in 
narrowing down switch problems. Table 6-8 displays the LED part of the technical specifications 
for the 6000 from Cisco.com. Table 6-9 displays the fields associated with show port. Physical 
and Data Link targets such as these are key to supporting switched environments. 


Table 6-8. Catalyst 6000 LEDs


LED | Status

Supervisor Engine status LED | Orange: Module is booting; running diagnostics; minor temperature threshold exceeded; standby mode with redundant supervisors.
 | Green: All diagnostics pass; module is operational.
 | Red: Failed diagnostics; major temperature threshold exceeded; module not operational.
System LED displays chassis environmental status | Green: All chassis environmental monitors okay.
 | Orange: Power-supply failure; incompatible power supplies installed; power-supply fan failure; minor backplane temperature threshold exceeded; redundant backplane clock failure.
 | Red: Supervisor Engine over temperature condition; major backplane temperature threshold exceeded.
Supervisor Active LED | Green: Operational and active.
 | Orange: Standby mode.
PWR MGMT (Power Management) LED | Green: Sufficient power for all modules.
 | Orange: Insufficient power for all modules.
PCMCIA LED | Lights when the PCMCIA device is accessed.
LINK LEDs for Gigabit Ethernet ports on the Supervisor Engine | Green: Port is operational.
 | Orange: Software disabled (solid); disabled due to hardware failure (flashing).


Table 6-9. show port Command Output Fields


Field | Description

Port | Module and port number.
Name | Name of port if configured (description).
Status | Status of the port such as connected, notconnected, faulty, remfault, disable, remdisable, configerr, remcfgerr, or disagree.
Vlan | VLANs to which the port belongs.
Duplex | auto, full, fdx, half, hdx, a-half, a-hdx, a-full, or a-fdx.
Speed | auto, 10, 100, 155, a-10, a-100, 4, 16, a-14, or a-16.
Type | Port type (for example, 100BASE-FX MM, 100BASE-FX SM, 10/100BASE-TX, or RSM).
Security | Port security status.
Secure-Src-Addr | Secure MAC address for the security enabled port.
Last-Src-Addr | Source MAC address of the last packet received by the port.
Shutdown | Status of whether the port was shut down because of security.
Trap | Status of whether port trap is enabled or disabled.
IfIndex | Number of the ifIndex.
Broadcast-Limit | Broadcast threshold configured for the port.
Broadcast-Drop | Number of broadcast/multicast packets dropped because the broadcast limit for the port was exceeded.
Send admin | Flow-control administration. Possible settings: On indicates the local port sends flow control to the far end; off indicates the local port does not send flow control to the far end; desired indicates the local end sends flow control to the far end if the far end supports it.
FlowControl oper | Flow-control operation. Possible setting: Disagree indicates the two ports could not agree on a link protocol.
Receive admin | Flow-control administration. Possible settings: On indicates the local port requires the far end to send flow control; off indicates the local port does not allow the far end to send flow control; desired indicates the local end allows the far end to send flow control.
FlowControl oper | Flow-control operation. Possible setting: Disagree indicates the two ports could not agree on a link protocol.
RxPause | Number of pause frames received.
TxPause | Number of pause frames transmitted.
Unsupported Opcodes | Number of unsupported operating codes.
Align-Err | Number of frames with alignment errors (frames that do not end with an even number of octets and have a bad CRC[*]) received on the port.
FCS-Err | The number of valid size frames with FCS[**] error but no framing errors.
Xmit-Err | Number of transmit errors that occurred on the port (indicating that the internal transmit buffer is full).
Rcv-Err | Number of receive errors that occurred on the port (indicating that the internal receive buffer is full).
UnderSize | Number of received frames less than 64 bytes long (but are otherwise well-formed).
Single-Coll | Number of times one collision occurred before the port transmitted a frame to the media successfully.
Multi-Coll | Number of times multiple collisions occurred before the port transmitted a frame to the media successfully.
Late-Coll | Number of late collisions (collisions detected beyond 64 bytes).
Excess-Col | Number of excessive collisions that occurred on the port (indicating that a frame encountered 16 collisions and was discarded).
Carri-Sen | Number of times the port sensed a carrier (to determine whether the cable is currently being used).
Runts | Number of received runt frames (frames that are smaller than the minimum IEEE 802.3 frame size of 64 bytes) on the port.
Giants | Number of received giant frames (frames that exceed the maximum IEEE 802.3 frame size) on the port.
Last-Time-Cleared | Last time the port counters were cleared.
Auto-Part | The number of times the port entered the autopartition state due to excessive consecutive collisions.
Data-rate mismatch | The number of valid size frames experienced overrun or underrun.
Src-addr change | The number of times the last source address changed.
Good-bytes | The total number of octets in frames with no error.
Short-event | The number of times activity with a duration less than the ShortEventMax Time (74-82 bit times) is detected.


[*] CRC = Cyclical redundancy check
[**] FCS = Frame check sequence


Shooting Trouble with Switches 


Shooting trouble with switches requires that you understand Physical and Data Link Layer
targets as well as normal switch operations. A physical and logical map is not just something
nice to have but a necessity in real-world operations. It is not easy to create if you don't 
understand how things work, in particular STP for Layer 2 devices. You must continue to follow a 
consistent methodology such as those suggested in the first part of the book to assist you in 
isolating fault domains. 


It is probably not a bad idea to go back and review the Ethernet and switch beginning checklists 
and ending sections on shooting trouble. All of them allude to the fact that interfaces (ports) are 
the main Data Link Layer target. It is up to you to use known-good switches, modules, ports,
cables, connectors, and transceivers for connectivity and performance purposes. Hardware 
issues could be a bad or loose cable, a faulty module or port; and they may be intermittent, in 
which case electrostatic discharge (ESD) may have originally caused the problem. Always reseat 
connections and modules, before you call for help. If the Supervisor module is not in slot 1, for 
example, the system doesn't boot up. In general, disconnect and reconnect; try a different port; 
try a different known-good cable. 


Link lights (LEDs) are good but not always a 100-percent test. An 80-percent to 100-percent 
switch load may indicate a broadcast storm. On the other line card modules, the LEDs should 
flash orange (amber) or green during startup, and turn green to indicate successful initialization. 
Red indicates failure (reseat the module), and flashing orange could be a problem on some 
modules, although an instance of redundancy on others. As far as the port link integrity, LED 
issues can be anything from the port, to the cable, to the network interface card (NIC), or the 
negotiation for speed/duplex. Utilize your tools. Test with a reliable cable as well as a time
domain reflectometer/optical time domain reflectometer (TDR/OTDR) to find cable length and
impedance issues. Use protocol analyzers for protocol information; cable testers for cable issues; 
and network monitors to continuously monitor network traffic. There still could be a cable 
problem with lots of packet loss. On the other hand, things may work fine and the LED may just 
be burned out. 


Other types of connection issues include using fiber where negotiation is not an issue but 
connectivity is. A common problem here is to plug Tx to Tx and Rx to Rx, but if you want things 
to work you need to connect Tx to Rx. 


Pay attention not only to your LED lights but also to your logs for configuration issues. If you see 
a solid orange light, for instance, this may just indicate a shutdown port. A user or internal 
process could have shut it down but might not have automatically brought it back up. Perhaps 
there are speed/duplex issues. The best practice is to hard code fixed devices so that there is no 
negotiation. Perhaps STP has the port in a blocking state because it would cause a loop. 


When things are working normally, you want to make them optimal. Performance commands
include set port host, which is a macro that combines set spantree portfast, set port
channel mode off, and set trunk off. Experiment with timing issues with and without portfast.
Change the logging level for the session to set logging level spantree 7 and observe the
time-stamped log messages to see how long the port stays in each state. You can accomplish this on
an IOS box with the spanning-tree portfast interface command; the following global
commands: service timestamps debug datetime localtime msec, and service timestamps
log datetime localtime msec; and the following privileged exec command: debug spantree
events. You can shut down a port and bring it back up to see a topology change and the 
associated activity. Don't forget that turning on portfast for a port really doesn't change the 
topology; instead it allows the switch to not send a TCN when a port becomes active. 


Traffic issues may lead to segmentation of some sort or to upgrading the devices themselves. 
Use show port, show mac, and network management programs to monitor the average and
peak utilization carefully. 


NOTE 


If reset system, the reload command, or rebooting seems to clear the issue and it
continues to happen, the reboot is evidently more of a short-term fix than a
permanent solution.


Obviously, you may have a software or hardware bottleneck. Know the limitations of your 
transport and your devices. For example, you still have collisions if Gigabit pipes are feeding 10- 
Mbps shared users. Use Cisco.com to assist with corrupted IOS issues; reload the operating
system; and upgrade to the appropriate feature set. Again, all of this systematic troubleshooting 
relates back to the OSI model. Do you have power? Are the power supply and fans running? Are 
devices turned on? Do they have link lights? Work your way up the layers. (Refer to Table 1-2 in 
Chapter 1, "Shooting Trouble," for a review of the OSI layers.) 


Once again it is time for the chapter Trouble Tickets. The plan here is to give you several things 
to do, let you make mistakes and fix some things on your own, and to introduce other problems 
that you should have some experience with as a support person. Routing and switching issues 
are unstated knowledge for the Cisco support person today. 


Trouble Tickets 


Complete the following Trouble Tickets in order. Use the information and tools from this chapter 
and the previous chapters to analyze, test, and document. Create your own Physical Layer or 
other problems if you need more practice in that area. Sample solutions are provided at the end 
of the section. 


Trouble Ticket 1 


Start a terminal session and new log on the 2900. Move hosta from the sw1900 to an open port 
on the sw2900 CatOS box. Configure hosta or the 2900 so that it will monitor the activity of 
ports 1/1, 1/2, and 2/3 (or other ports you are using). Be sure to save your configuration if not 
using a CatOS box. 


Trouble Ticket 2 


Power down all devices in the network including routers, switches, and hosts except hosta. (It 
gets pretty quiet, doesn't it?) Power up the 3512 IOS box and hostc and observe the LED
activity. Analyze, test, and fix any issues. 


Trouble Ticket 3 


Power up the 1900 and observe the LED activity. Power on hostb. Analyze, test, and fix any 
issues. 


Trouble Ticket 4 


Power up the 2900 IOS-based switch and observe the LED activity. Analyze, test, and fix any
issues. 


Trouble Ticket 5 


Hard code the switches to the highest available speed and duplex settings and configure portfast 
where appropriate. 


Trouble Ticket 6 


Physically add another cable between the 1900 and the 3512XL for redundancy and observe the 
new STP topology. Set the 3512XL to log spanning-tree debug events, and ensure the time 
stamps are accurate to the date and time (down to the millisecond). Break the Layer 2 loop by 
disconnecting the cable on the 3512XL port fa0/12. Watch the STP states. 


Trouble Ticket 7 


Make sure the spanning-tree debug is still running from the preceding Trouble Ticket. Hard code 
the 3512XL to be the root bridge by adjusting the priority field. Using the most useful menus, 
CatOS and IOS commands, draw a Layer 2 map including the new spanning tree. Check your
work against the examples and Figure 6-9 in the solution. 


Figure 6-9. Layer 2 STP Drawing 


[Figure: Layer 2 STP map showing hostb and hostc, the switch set to spanning-tree pri 100 (sh spanning-tree), and the CatOS switch (sh spantree).]


Note: All Designated Ports (DP) and Root Ports (RP) are in a Forwarding (F) state as are the
host ports configured with Port Fast (PF).


Trouble Ticket 8 


Start a continuous ping from hosta to hostc. Unplug portA or B on the 1900 to force a topology 
change. Capture all of this with Sniffer Pro on hosta, but do not stop the capture until the pings 
stop and then automatically start again. Stop and analyze the Sniffer Pro capture of a TCN BPDU 
as in Figure 6-10 in the solution. Plug the cable back in and save all of the chapter device 
configurations to a file. 
Trouble Tickets Solutions


The following are the solutions to the Trouble Tickets. 


Trouble Ticket 1 Solution 


I am assuming that Sniffer Pro or similar software and drivers are loaded on hosta so that you can
later use it to monitor the Layer 2 environment. The SPAN commands are in Example 6-26 for your
review.


Example 6-26. Setting Up Port 2/1 on the 2900 to Monitor


sw2900> (enable) !!!I plugged hosta into port 2/1 and enabled port monitoring
sw2900> (enable) set span 1/1-2 2/1 both
Enabled monitoring of Port 1/1-2,2/3 transmit/receive traffic by Port 2/1
sw2900> (enable) show port capabilities 1/1
Model                    WS-X2900
Port                     1/1
Type                     100BaseTX
Speed                    100
Duplex                   half,full
Trunk encap type         ISL
Trunk mode               on,off,desirable,auto,nonegotiate
Channel                  no
Broadcast suppression    no
Flow control             no
Security                 yes
Membership               static,dynamic
Fast start               yes
Rewrite                  no
sw2900> (enable) !!!notice how the next command shows STP rather than port monitoring information
sw2900> (enable) show port span
Port   Vlan  Port-State     Cost  Priority  Fast-Start  Group-Method
1/1    1     forwarding     19    32        disabled
1/2    1     forwarding     19    32        disabled
2/2    1     not-connected  100   32        disabled
2/3    1     forwarding     19    32        disabled
2/4    1     not-connected  100   32        disabled
sw2900> (enable) !!!look at the mod#/port# to see the port monitoring status
sw2900> (enable) show port 2/1
Port   Name   Status    Vlan  Level   Duplex  Speed  Type
2/1           monitor   1     normal  a-full  a-100  10/100BaseTX
sw2900> (enable) show span
Status          : enabled
Admin Source    : Port 1/1-2
Oper Source     : Port 1/2
Destination     : Port 2/1
Direction       : transmit/receive
Incoming Packets: disabled
sw2900> (enable)


You will further take advantage of this port monitoring configuration in Trouble Ticket 8, in which y 
use a protocol analyzer to capture packets in a switched environment. 


Trouble Ticket 2 Solution 


The flashing orange and green LEDs should go away. The System and Status LEDs should turn soli: 
green. Feel free to experiment with the mode button to look at things such as utilization, duplex, a 
speed. Port 1 (fa0/1) should be green for the host, although amber while going through the STP st. 
Telnet from the host to the switch to verify connectivity and test the layers from the bottom to the 


Trouble Ticket 3 Solution 


All LEDs start out as green, and then there is some other testing including the individual ports. All 
green lights go out except for the System status. The 1900 also has a mode button to toggle betwe 
stat, utl, and fdup. When you power on hostb, the associated port LED comes on the switch for por 
(e0/2). Once again, telnet would be a better test from the host to the switch than ping because it t: 
all the layers. 


Trouble Ticket 4 Solution 


You notice quick flashes of orange, then red, then green, then red, then orange. Finally the multipl: 
colors turn to a happy green for the System and the Console comes alive. Several flashing orange i 
green tests occur before the System, Status, Fan, Power Supply, and both Fast Ethernet ports turn 
solid green. The bottom 10/100 Fast Ethernet module 2 goes through the red and orange tests, toc 
would expect the System LED to stay green, and port 2/1 and 2/3 should eventually light up for ha 
and the router. However mine does not, and the console states the following: 


%SYS-5-MOD_OK:Module 1 is online
%SYS-5-MOD_OK:Module 2 is online
%SYS-3-MOD_FAIL:Module 2 failed to come online
%SYS-3-MOD_FAIL:Module 2 failed to come online


I see orange lights but not green lights on the bottom card. Diagnose and fix the problem.


I issued the command show module 2 on the 2900 and received a faulty status, as you can see in
Example 6-27. Faulty could indicate a hardware issue, but I will not believe that until I have exhau
other possibilities such as resetting, reseating, or rebooting the module. I resorted to disabling the
module through the software and enabling it once again. In practice it would be best to do this firs 
before a hard reset. Both modules appear to now be online and in working condition, but for how | 
may be another issue. This is one of those indicators you should obviously keep track of in case of 
future issues. Helpful commands include show module, show log, and show system. 


Example 6-27. Faulty Module 2 on the 2900 


sw2900> (enable) show module 2
Mod Module-Name  Ports Module-Type           Model    Serial-Num Status
2                12    10/100BaseTX Ethernet WS-X2901 008675483  faulty
Mod MAC-Address(es)                        Hw   Fw     Sw
2   00-10-7b-53-4b-9c to 00-10-7b-53-4b-a7 1.4  3.1(1) 4.4(1)
sw2900> (enable) set module disable 1
Cannot disable Supervisor module.
sw2900> (enable) set module disable 2
Module 2 disabled.
sw2900> (enable) set module enable 2
Module 2 enabled.
sw2900> (enable) %SYS-5-MOD_OK:Module 2 is online


All lights are green that I would expect at this point. On port 1/3, the Speed LED is green but the L
LED is not lit. If you trace the cable over to the router, however, you will find it to be one of those
"Layer 0" issues. "Layer 0" is really not part of the OSI model, but perhaps it should be. Power on 1
router to take care of that little issue. 


Things appear to be working and you probably didn't have this issue (or could you duplicate it for that
matter). At least you can remind yourself to do things such as reset ports or modules, move modules if
possible, power things down and bring them back up before you give up on yourself or think you have
a dead box. Obviously this may be the beginning of a hardware failure, but this is why accurate logs
and documentation are so critical in the long run.


Trouble Ticket 5 Solution 


Example 6-28 shows the commands to set the speed to 100 Mbps and the duplex to full on ports 2/1
and 2/3. I discovered that ports 1/1 and 1/2 are fixed 100BASE-TX ports with the show port
capabilities command. Telnet is a quick test of all the layers.


Example 6-28. Setting Speed and Duplex on the 2900 CatOS Box 


sw2900> (enable) set port speed 1/1-2,2/1,2/3 100 
Ports 2/1,2/3 transmission speed set to 100Mbps. 
sw2900> (enable) set port speed 1/1-2 100 

Failed to set transmission speed for ports 1/1-2. 


sw2900> (enable) show port capabilities 1/1 


Model                    WS-X2900
Port                     1/1
Type                     100BaseTX
Speed                    100
Duplex                   half,full


sw2900> (enable) set port duplex 1/1-2,2/1,2/3 full 
Ports 1/1-2,2/1,2/3 set to full-duplex. 


sw2900> (enable) telnet 192.168.5.100 


Example 6-29 illustrates the menu commands to configure speed and duplex for e0/2 on the 1900. The
commands for fa0/26 (port A) and fa0/27 (port B) are the same but are not shown in the output. Telnet
tests things out through all the layers.


Example 6-29. Setting Speed and Duplex on the 1900 Using the Menus 


Catalyst 1900 - Main Menu 


[C] Console Settings 


[S] System 


[N] Network Management 


[P] Port Configuration 


[H] Help
[X] Exit Management Console
Enter Selection: PB
Identify Port: 1 to 24[1-24], [AUI], [A], [B]:


Select [1 - 24, AUI, A, B]: 2 


Catalyst 1900 - Port 1 Configuration
Built-in 10Base-T 


802.1d STP State: Blocking Forward Transitions: 0 


Settings 


[D] Description/name of port 


[S] Status of port Suspended-no-linkbeat 
[F] Full duplex Disabled 

[I] Port priority (spanning tree) 128 (80 hex) 

[C] Path cost (spanning tree) 100 

[H] Port fast mode (spanning tree) Enabled 


Enter Selection: F 
Full duplex can double a port bandwidth by allowing it to simultaneously 


transmit and receive. 


Full duplex may be [E]nabled or [D]isabled: 
Current setting ===> Disabled 


New setting ===> Enabled 


sw2900> (enable) telnet 192.168.5.99 


NOTE 


You should have surmised on the 1900 that port e0/2 is 10-Mbps/half-duplex by default with
portfast enabled. However, fa0/26 and fa0/27, ports A and B, are 100-Mbps/auto-duplex with
portfast disabled by default. Because the display clearly illustrates that descriptions were
missed earlier, if this were a practical environment I would recommend you configure them.


Example 6-30 shows the fa0/1 speed and duplex configuration on the 3512XL IOS box. Interface
fa0/12 is configured exactly the same.


Example 6-30. Setting Speed and Duplex on the 3512XL IOS Box


3512XL (config) #interface fastethernet 0/1 

3512XL(config-if) #speed 100 

3512XL (config-if) #duplex full 

3512XL (config-if) #end 

3512XL#show interfaces fastethernet 0/1 

FastEthernet0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 00d0.7968.8481 (bia 00d0.7968.8481) 
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255 
Encapsulation ARPA, loopback not set, keepalive not set 


Full-duplex, 100Mb/s, 100BaseTX/FX 


Portfast should be implemented only on the three switch ports that connect to the hosts. It was on by
default for e0/2 on the 1900, but needs to be set on the 3512 and 2900. First look at STP in Example
6-31.


Example 6-31. STP on the 3512XL IOS Box


3512XL#show spantree 

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol 
Bridge Identifier has priority 32768, address 00d0.7968.8480 
Configured hello time 2, max age 20, forward delay 15 


Current root has priority 32768, address 0010.ffe5.1400 


Root port is 25, cost of root path is 19


Topology change flag set, detected flag not set, changes 9 


Times: hold 1, topology change 35, notification 2 


hello 2, max age 20, forward delay 15 


Timers: hello 0, topology change 0, notification 0 


Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING 


Port path cost 19, Port priority 128


Designated root has priority 32768, address 0010.ffe5.1400 


Designated bridge has priority 32768, address 00d0.7968.8480 


Designated port is 13, path cost 19 


Timers: message age 0, forward delay 0, hold 0 


BPDU: sent 1064, received 0 


Interface Fa0/2 (port 14) in Spanning tree 1 is down 


Port path cost 100, Port priority 128 


Designated root has priority 32768, address 0010.ffe5.1400 


Designated bridge has priority 32768, address 00d0.7968.8480 


Designated port is 14, path cost 19 


Timers: message age 0, forward delay 0, hold 0 


BPDU: sent 0, received 0 


Interface Fa0/12 (port 25) in Spanning tree 1 is FORWARDING 


Port path cost 19, Port priority 128


Designated root has priority 32768, address 0010.ffe5.1400 


Designated bridge has priority 32768, address 0010.ffe5.1400 


Designated port is 1, path cost 0 


Timers: message age 1, forward delay 0, hold 0 


BPDU: sent 12, received 998 


Only a few interfaces are shown in the shaded output, but remember the first interface is the actual
interface on the box and the port number in parentheses () is the way the interface was logically
calculated for STP purposes.


Now configure portfast on fa0/1 where hostc connects as in Example 6-32. 


Example 6-32. Configuring STP Portfast on the 3512 XL Host Connections 


3512XL (config) #interface fastethernet 0/1 


3512XL (config-if) #spanning-tree portfast 


3512XL(config-if) #end 


3512XL#copy running-config startup-config 


Show STP statistics on port 2/1 on the 2900 CatOS box to see that portfast is referred to as fast-start.
Turn it on for the connection to hosta as in Example 6-33.


Example 6-33. Configuring STP Portfast on the 2900 Host Connection 


sw2900>show spantree 2/1 


Port Vlan Port-State Cost Priority Fast-Start Group-Method 


sw2900> (enable) set spantree portfast 2/1 enable 

Warning: Spantree port fast start should only be enabled on ports connected 
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to 
a fast start port can cause temporary spanning tree loops. Use with caution. 


Spantree port 2/1 fast start enabled. 


Trouble Ticket 6 Solution 


Connect a crossover cable between port B on the 1900 and fa0/11 on the 3512XL. The orange port
turns green on 1900, but stays orange on the 3512XL because of STP. Fa0/11 is in the blocking state.
If you pull the fa0/12 cable, obviously that would change because you would take away the Layer 2
loop. STP is just doing its job here and if you had a picture of your environment in front of you this
would be very easy to see; don't worry if you don't because that is part of the next Trouble Ticket.
Example 6-34 illustrates some helpful debug and logging setups to help you analyze STP. Remember
that you may need to turn on terminal monitor to see your debug output remotely.


Example 6-34. Testing STP on the 3512 


sw3512XL#show clock 

sw3512XL#clock set 8:00:00 25 Nov 2002 

sw3512XL#configure terminal 

sw3512XL (config) #service timestamps debug datetime msec localtime 
sw3512XL (config) #service timestamps log datetime msec localtime 
sw3512XL (config) #end 


sw3512XL#copy running-config startup-config 


sw3512XL#debug spantree events 


Unplug the connection to fa0/11 on the 3512XL and wait for the line and protocol to go down. Plug the
cable back in and watch the debug output that displays as in Example 6-35.


Example 6-35. Testing STP on the 3512 


Nov 25 08:15:36.580: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to
Nov 25 08:15:37.204: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0
changed state to down
sw3512XL#!!!now plug the cable back in
Nov 25 08:15:57.229: ST: FastEthernet0/11 -> listening
Nov 25 08:15:57.234: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to
Nov 25 08:15:57.242: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0
changed state to up
Nov 25 08:15:57.994: ST: FastEthernet0/11 -> blocking 
sw3512XL#show spantree 
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol 
Bridge Identifier has priority 32768, address 00d0.7968.8480 
Configured hello time 2, max age 20, forward delay 15 
Current root has priority 32768, address 0010.ffe5.1400 
Root port is 25, cost of root path is 19
Topology change flag not set, detected flag not set, changes 11 
Times: hold 1, topology change 35, notification 2 
hello 2, max age 20, forward delay 15 
Timers: hello 0, topology change 0, notification 0 
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING 
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0010.ffe5.1400 


Designated bridge has priority 32768, address 00d0.7968.8480 


Designated port is 13, path cost 19 
Timers: message age 0, forward delay 0, hold 0 
BPDU: sent 4238, received 0 

Interface Fa0/11 (port 24) in Spanning tree 1 is BLOCKING 
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0010.ffe5.1400 
Designated bridge has priority 32768, address 0090.922a.7680 
Designated port is 27, path cost 10 
Timers: message age 3, forward delay 0, hold 0 
BPDU: sent 2, received 693 

Interface Fa0/12 (port 25) in Spanning tree 1 is FORWARDING 


Port path cost 19, Port priority 128
Designated root has priority 32768, address 0010.ffe5.1400
Designated bridge has priority 32768, address 0010.ffe5.1400
Designated port is 2, path cost 0
Timers: message age 4, forward delay 0, hold 0
BPDU: sent 5, received 3484


The time and date stamps at the millisecond intervals are quite helpful here because you can see that
the calculations occurred rather quickly. Ports 1 and 12 are in a forwarding state. Port 11 is in a
blocking state but is still processing BPDUs in case of a topology change. Disconnect the cable on
fa0/12 to verify this and observe the debug activity in Example 6-36. Note that it takes about 30
seconds from the time the link goes down until the redundant link takes over automatically.


Example 6-36. Watching a Topology Change and the STP States 


Nov 25 08:30:12.869: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to
Nov 25 08:30:12.869: ST: sent Topology Change Notice on FastEthernet0/12
Nov 25 08:30:12.875: ST: FastEthernet0/12 -> blocking
Nov 25 08:30:12.880: ST: FastEthernet0/11 -> listening
Nov 25 08:30:13.129: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0
changed state to down
Nov 25 08:30:14.869: ST: sent Topology Change Notice on FastEthernet0/11
Nov 25 08:30:27.882: ST: FastEthernet0/11 -> learning
Nov 25 08:30:42.890: ST: sent Topology Change Notice on FastEthernet0/11
Nov 25 08:30:42.890: ST: FastEthernet0/11 -> forwarding
sw3512XL#
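The "about 30 seconds" in Example 6-36 can be measured directly from the millisecond timestamps. The following Python script is an added example, not part of the book: it parses the "ST:" debug events, reports how long fa0/11 spent in listening and learning, and checks both against the configured forward delay of 15 seconds. The function names are hypothetical, and the year comes from the clock set command in Example 6-34.

```python
import re
from datetime import datetime

# Debug lines re-typed from Example 6-36. The two link messages that are cut
# off on the page are left out; the parser only needs the "ST:" events.
DEBUG_LOG = """\
Nov 25 08:30:12.869: ST: sent Topology Change Notice on FastEthernet0/12
Nov 25 08:30:12.875: ST: FastEthernet0/12 -> blocking
Nov 25 08:30:12.880: ST: FastEthernet0/11 -> listening
Nov 25 08:30:14.869: ST: sent Topology Change Notice on FastEthernet0/11
Nov 25 08:30:27.882: ST: FastEthernet0/11 -> learning
Nov 25 08:30:42.890: ST: sent Topology Change Notice on FastEthernet0/11
Nov 25 08:30:42.890: ST: FastEthernet0/11 -> forwarding
"""

TRANSITION = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): ST: (?P<port>\S+) -> (?P<state>\w+)$"
)


def parse_transitions(log, year=2002):
    """Return [(datetime, port, state)] for every 'ST: <port> -> <state>' line.

    The debug timestamps carry no year, so one is supplied (2002 in the lab).
    """
    events = []
    for line in log.splitlines():
        m = TRANSITION.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, m["port"], m["state"]))
    return events


def state_durations(events, port):
    """Seconds the port spent in each state before moving to the next one."""
    mine = [(ts, state) for ts, p, state in events if p == port]
    return {
        state: (nxt - ts).total_seconds()
        for (ts, state), (nxt, _next_state) in zip(mine, mine[1:])
    }


def failover_seconds(events, failed_port, backup_port):
    """Time from the failed port going to blocking until the backup forwards."""
    down = next(ts for ts, p, s in events if p == failed_port and s == "blocking")
    up = next(
        ts for ts, p, s in events
        if p == backup_port and s == "forwarding" and ts >= down
    )
    return (up - down).total_seconds()


def timers_look_normal(durations, forward_delay=15, tolerance=0.5):
    """True when listening and learning each lasted one forward delay."""
    return all(
        abs(durations.get(state, 0.0) - forward_delay) <= tolerance
        for state in ("listening", "learning")
    )


if __name__ == "__main__":
    events = parse_transitions(DEBUG_LOG)
    durations = state_durations(events, "FastEthernet0/11")
    for state, seconds in durations.items():
        print(f"fa0/11 {state:<10} {seconds:.3f} s")
    outage = failover_seconds(events, "FastEthernet0/12", "FastEthernet0/11")
    print(f"failover took {outage:.3f} s")
    print("timers match forward delay:", timers_look_normal(durations))
```

A port that reaches forwarding much faster than two forward delays is either running portfast or has non-default timers, which is worth confirming against your documentation.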


CAUTION 


Debug output is quite helpful in a lab situation to understand exactly what is happening. Be 
very cautious in the production environment. Always use the question mark (?) to find the 
right command to help you limit the amount of debug activity when troubleshooting and 


remember to turn debug off when you are done. CatOS does not offer debug, but the set 
trace ? command gives you similar output. 


Reconnect the cable on port fa0/12 of the 3512XL switch and allow STP to converge before beginning
the next trouble ticket.


Trouble Ticket 7 Solution 


Example 6-37 illustrates that STP debugging is still on and shows the command to hard code the root
bridge.


Example 6-37. Configuring the Root Bridge 


3512XL#show debug 
General spanning tree: 
Spanning Tree event debugging is on 
3512XL#configure terminal 
3512XL (config) #spanning-tree ? 


forward-time Set a Spanning Tree FORWARD Interval 


hello-time Set a Spanning Tree HELLO Interval 
max-age Set a Spanning Tree MAX AGE Interval 
priority Set a Spanning Tree Priority 
protocol Spanning tree protocol type 
uplinkfast Enable UplinkFast Feature 

vlan VLAN Switch Spanning Trees 

<cr> 


3512XL (config) #spanning-tree priority ? 
<0-65535> Set a Spanning Tree Priority 

3512XL (config) #!!!lowest BID wins 

3512XL (config) #spanning-tree priority 100 


Nov 25 08:40:00.178: ST: FastEthernet0/11 -> listening 


Nov 25 08:40:00.199: ST: Topology Change rcevd on FastEthernet0/12 
Nov 25 08:40:15.178: ST: FastEthernet0/11 -> learning 

Nov 25 08:40:30.204: ST: FastEthernet0/11 -> forwarding 

3512XL (config) #exit 


3512XL#copy running-config startup-config 


Show the spanning tree to verify that the 3512 is in fact now the root bridge. The shaded output in 
Example 6-38 certainly helps you out with that. 


Example 6-38. We Are the Root of the Spanning Tree 


3512XL#show spanning-tree 


Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol 
Bridge Identifier has priority 100, address 00d0.7968.8480 
Configured hello time 2, max age 20, forward delay 15 
We are the root of the spanning tree 
Topology change flag not set, detected flag not set, changes 9 
Times: hold 1, topology change 35, notification 2 

hello 2, max age 20, forward delay 15 
Timers: hello 1, topology change 0, notification 0 

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING 

Port path cost 19, Port priority 128

Designated root has priority 100, address 00d0.7968.8480 


Designated bridge has priority 100, address 00d0.7968.8480 


Designated port is 13, path cost 0 


Timers: message age 0, forward delay 0, hold 0 


BPDU: sent 56902, received 0 


The port is in the portfast mode 


Interface Fa0/11 (port 24) in Spanning tree 1 is FORWARDING 
Port path cost 19, Port priority 128
Designated root has priority 100, address 00d0.7968.8480 


Designated bridge has priority 100, address 00d0.7968.8480 


Designated port is 24, path cost 0 
Timers: message age 0, forward delay 0, hold 0 
BPDU: sent 56006, received 5 
Interface Fa0/12 (port 25) in Spanning tree 1 is FORWARDING 
Port path cost 19, Port priority 128
Designated root has priority 100, address 00d0.7968.8480 


Designated bridge has priority 100, address 00d0.7968.8480 


Designated port is 25, path cost 0 
Timers: message age 0, forward delay 0, hold 0 


BPDU: sent 3844, received 4 


Lowering the priority forced the 3512 to become the root bridge, and all the ports are designated c 
a forwarding state. Show STP on the 2900 as in Example 6-39 to help you gather the statistics for 
Layer 2 drawing. 


Example 6-39. The STP Topology on the 2900 


sw2900> (enable) show spantree 
VLAN 1 

Spanning tree enabled 

Spanning tree type ieee 
!!! global parameters are above 


!!! root bridge parameters are below followed by local switch and port 


Designated Root 00-d0-79-68-84-80 


Designated Root Priority 100 


Designated Root Cost 19 
Designated Root Port 1/2

Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec 
Bridge ID MAC ADDR 00-10-ff-e5-14-00 
Bridge ID Priority 32768 
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec 
Port      Vlan  Port-State     Cost  Priority  Fast-Start  Group-Method
1/1       1     blocking       19    32        disabled
1/2       1     forwarding     19    32        disabled
2/2       1     not-connected  100   32        disabled
2/3       1     forwarding     19    32        disabled
2/4       1     not-connected  100   32        disabled


The designated root port is the path by which the 2900 gets to the root bridge. By definition all ports
on the root bridge must be in a forwarding state. However, STP takes care of the Layer 2 loop by
blocking port 1/1 on the 2900. Analyze the 1900 to complete your drawing. (See Example 6-40.)


Example 6-40. The STP Topology on the 1900 


Catalyst 1900 - Main Menu 
[C] Console Settings 
[S] System 
[N] Network Management 


[P] Port Configuration


Enter Selection: P 
Identify Port: 1 to 24[1-24], [AUI], [A], [B]: 


Select [1 - 24, AUI, A, B]: A 


Catalyst 1900 - Port A Configuration 
Built-in 100Base-TX 


802.1d STP State: Forwarding Forward Transitions: 


Settings 


[D] Description/name of port 


[S] Status of port Enabled

[I] Port priority (spanning tree) 128 (80 hex) 
[C] Path cost (spanning tree) 10 

[H] Port fast mode (spanning tree) Disabled 

[E] Enhanced congestion control Disabled 

[F] Full duplex / Flow control Full duplex 


Related Menus 


[A] Port addressing [V] View port statistics 
[N] Next port [G] Goto port 
[P] Previous port [X] Exit to Main Menu 


Enter Selection: N 
Catalyst 1900 - Port B Configuration 
Built-in 100Base-TX 


802.1d STP State: Forwarding Forward Transitions: 


Settings 


[D] Description/name of port 


[S] Status of port Enabled

[I] Port priority (spanning tree) 128 (80 hex) 
[C] Path cost (spanning tree) 10 

[H] Port fast mode (spanning tree) Disabled 

[E] Enhanced congestion control Disabled 

[F] Full duplex / Flow control Full duplex 


Related Menus 


[A] Port addressing [V] View port statistics 
[N] Next port [G] Goto port 
[P] Previous port [X] Exit to Main Menu
Enter Selection: G 
Identify Port: 1 to 24[1-24], [AUI], [A], [B]: 
Select [1 - 24, AUI, A, B]: 2 
Catalyst 1900 - Port 2 Configuration 
Built-in 10Base-T 


802.1d STP State: Forwarding Forward Transitions: 87 


The 1900 is forwarding on all used ports and is running portfast to the hostb connection. Port A is the
designated port for the segment between the 1900 and the 2900, and Port B is the root port, which is
the 1900's path to the root bridge.

If necessary, rerun the show spanning-tree command on any IOS device, run show spantree on
any CatOS device, or use HTTP or menus to complete a Layer 2 STP drawing (see Figure 6-9). Feel free
to add the costs to your drawing for an additional level of detail.
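The port roles gathered in Examples 6-31 through 6-40 can be re-derived from the bridge IDs and path costs alone, which is a useful cross-check for the Layer 2 drawing. The following Python script is an added example, not part of the book: it elects the root (lowest BID wins), accumulates root path costs, and assigns root, designated, and blocking roles for the three-switch triangle before and after the priority change. The switch names and the 2900 port-to-neighbor cabling are assumptions inferred from the example outputs; port-ID tie-breaking is simplified because this topology has no cost ties.

```python
from collections import namedtuple

# One physical link; each end has its own port name and STP path cost.
Link = namedtuple("Link", "a a_port a_cost b b_port b_cost")

# Costs come from the examples: 19 on the 3512XL and 2900 ports, 10 on the
# 1900 uplinks. The 2900-side cabling is inferred from Example 6-39.
LINKS = [
    Link("sw3512", "fa0/12", 19, "sw2900", "1/2", 19),
    Link("sw3512", "fa0/11", 19, "sw1900", "B", 10),
    Link("sw2900", "1/1", 19, "sw1900", "A", 10),
]


def lab_bridges(priority_3512=32768):
    """Bridge IDs (priority, MAC) as shown in the show spantree outputs."""
    # Same-format lowercase hex strings sort in numeric order.
    return {
        "sw2900": (32768, "0010.ffe5.1400"),
        "sw3512": (priority_3512, "00d0.7968.8480"),
        "sw1900": (32768, "0090.922a.7680"),
    }


def compute_stp(bids, links):
    """Return (root, root_path_cost, port_roles) for one spanning tree."""
    root = min(bids, key=bids.get)  # lowest BID wins

    neighbors = {name: [] for name in bids}
    for l in links:
        neighbors[l.a].append((l.a_port, l.a_cost, l.b))
        neighbors[l.b].append((l.b_port, l.b_cost, l.a))

    inf = float("inf")
    cost = {name: inf for name in bids}
    cost[root] = 0
    root_port = {}
    # Relax repeatedly: root path cost = upstream bridge's cost + the cost of
    # the local port the BPDU arrives on. Ties go to the lower upstream BID.
    for _pass in bids:
        for name in bids:
            if name == root:
                continue
            total, _upstream, port = min(
                (cost[nbr] + c, bids[nbr], port) for port, c, nbr in neighbors[name]
            )
            if total < inf:
                cost[name], root_port[name] = total, port

    roles = {}
    for l in links:
        ends = [(l.a, l.a_port), (l.b, l.b_port)]
        # The bridge advertising the better path to the root is designated.
        designated = min(ends, key=lambda e: (cost[e[0]], bids[e[0]], e[1]))
        for end in ends:
            if end == designated:
                roles[end] = "designated"
            elif root_port.get(end[0]) == end[1]:
                roles[end] = "root"
            else:
                roles[end] = "blocking"
    return root, cost, roles


def lab(priority_3512):
    return compute_stp(lab_bridges(priority_3512), LINKS)


if __name__ == "__main__":
    for label, prio in (("default priorities", 32768), ("3512XL priority 100", 100)):
        root, cost, roles = lab(prio)
        print(f"{label}: root bridge is {root}")
        for (switch, port), role in sorted(roles.items()):
            print(f"  {switch:7} {port:7} {role:10} (root path cost {cost[switch]})")
```

With default priorities the script blocks fa0/11 on the 3512XL, and with priority 100 it blocks 1/1 on the 2900, matching Examples 6-35 and 6-39.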


Trouble Ticket 8 Solution 


Example 6-41 starts the continuous ping from hosta so that you can analyze STP in action. When you
disconnect the cable connected to port A on the 1900, the ping times out and because of STP it
automatically starts working again.


Example 6-41. STP in Action 


Microsoft Windows 2000 [Version 5.00.2195] 
Copyright 1985-2000 Microsoft Corp. 
C:\>ping 192.168.5.103 -t 
Pinging 192.168.5.103 with 32 bytes of data:
Reply from 192.168.5.103: bytes=32 time<10ms TTL=128 


Reply from 192.168.5.103: bytes=32 time<10ms TTL=128 


Reply from 192.168.5.103: bytes=32 time<10ms TTL=128 


Reply from 192.168.5.103: bytes=32 time<10ms TTL=128


Reply from 192.168.5.103: bytes=32 time<10ms TTL=128


Request timed out. 


Request timed out. 


Request timed out. 


Request timed out. 


Reply from 192.168.5.103: bytes=32 time<10ms TTL=128 


Reply from 192.168.5.103: bytes=32 time<10ms TTL=128 


Reply from 192.168.5.103: bytes=32 time<10ms TTL=128 


Ping statistics for 192.168.5.103:
Packets: Sent = 54, Received = 24, Lost = 30 (55% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


Figure 6-10 illustrates the ping and the TCN BPDU. The TCN doesn't have as many fields as the
configuration BPDU because TCNs are topology changes that are sent to the root bridge. The
significance of a TCN is that the learned addresses get aged out very quickly.


Remember to plug the cable back in and save your chapter configurations to a file called Chapter 6
Ending Configs. You have completed the chapter Trouble Tickets when you feel comfortable with the
tasks assigned and the various scenarios throughout the chapter. Review or experiment in the areas
where you need more help. Understanding and troubleshooting in a simple environment is certainly a
foundation for understanding and troubleshooting more complex protocols and technologies. Check
your understanding with the chapter review questions.


Review Questions 


Use the information in this chapter to answer the following questions. The answers are located in Appendix
A, "Answers to Review Questions."


1: On the 1900, portfast is enabled on the 10-Mbps ports and disabled on the uplink ports. Can
you change this? If so, how? Give a practical example of using portfast.


2: What command outputs the following on a 2900 CatOS: 


* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry

VLAN  Dest MAC/Route Des    Destination Ports or VCs / [Protocol Type]
      00-90-92-2a-76-9a     1/1 [ALL]
      00-80-c7-aa-c8-87     1/2 [ALL]
      00-50-04-df-5f-3c     1/2 [ALL]
      00-d0-79-68-84-8d     1/2 [ALL]
      00-b0-64-81-e3-00     2/3 [ALL]


3: What command outputs the following on an IOS-based switch:


Dynamic Address Count:                 7
Secure Address (User-defined) Count:   0
Static Address (User-defined) Count:   0
System Self Address Count:             37
Total MAC addresses:                   44
Maximum MAC addresses:                 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
0010.4ba5.ae50       Dynamic       1     FastEthernet0/12
0010.ffe5.17fd       Dynamic       1     FastEthernet0/12
0010.ffe5.17ff       Dynamic       1     FastEthernet0/12
0050.04df.5f3c       Dynamic       1     FastEthernet0/1
0080.c7aa.c887       Dynamic       1     FastEthernet0/11
0090.922a.769b       Dynamic       1     FastEthernet0/11
00b0.6481.e300       Dynamic       1     FastEthernet0/12


4: Is a port receiving traffic if it is in the STP blocking state?


5: What are the STP state transitions? 


6: How do you view the speed and duplex settings on a router or IOS-based switch? On a CatOS-
based switch?


7: It is common practice to use loopbacks for testing. Can you be sure that a loopback address is
always up?


8: I issued the following show interface command on the 2900 CatOS box to view the
management IP address and its parameters. What is the 192.168.5.111 address?


sw2900> (enable) show interface
sl0: flags=51<UP,POINTOPOINT,RUNNING>
        slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63<UP,BROADCAST,RUNNING>
        vlan 1 inet 192.168.5.98 netmask 255.255.255.240 broadcast 192.168.


9: Encoded Address Recognition Logic (EARL) is an ASIC that works with the bus arbitration 1
packet transfers in a Catalyst 5000. Ethernet ports use a custom ASIC called __
Other ports use a custom ASIC called __


10: You are at a host and attempt to telnet to a switch. The following message appears:


Password required, but none set
Connection to host lost.


What's the issue?


11: Assume your environment to be what it is now for the chapter scenario. On hosta you type the
command tracert 192.168.5.103. How many hops to the destination?


Summary 


Shooting trouble with the CatOS and IOS is a necessity today. Many things that used to be
performed on routers are now performed on switches with router capability. Although many 
switches are usable the minute you take them out of the box, they are more optimal if 
configured for the environment. Supporting Layer 2 and Layer 3 devices not only requires a good 
basis of switching and routing, but an understanding of the devices and operating systems, too. 
LEDs, SPAN, and various show commands are excellent Layer 2 tools if you use them. Like it or 
not, full-duplex switching has allowed Ethernet to be reborn again. So until the next big 
architecture comes along, you can continue to leverage off of what you know about legacy 
Ethernet to assist you in supporting today's switched Ethernet environments. 


This chapter reviewed segmentation, STP, 5000/6000 architecture, and the evolution of Cisco 
switches, including examples of the devices and the operating systems. The next chapter 
continues your Ethernet, IP, and switching experience with supporting VLANs. 


Chapter 7. Shooting Trouble with VLANs 
on Routers and Switches 


This chapter continues the practical switching focus and includes a number of objectives falling 
under the CCNP troubleshooting guidelines. Understanding and supporting Ethernet switches, 
routers, and virtual LANs (VLANs) applies to all of Cisco's current certifications. A solid 
understanding of VLANs and the role of routers and switches in the internetwork is essential in 
your practical studies. This chapter assumes knowledge of the previous chapters, but in 
particular of Chapter 3, "Shooting Trouble with IP," Chapter 5, "Shooting Trouble with Ethernet,"
and Chapter 6, "Shooting Trouble with CatOS and IOS."

You build the chapter scenario to assist you in supporting routing and switching using VLANs. 
The chapter reviews VLAN concepts, symptoms, problems, and action plans while you configure 
your VLANs. As you are used to by now, throughout the chapter there are several walk-through 
scenarios and practical Trouble Tickets for you to explore. For those of you who do not have 
equipment handy, I include many relevant figures and examples so that you too can shoot
trouble with VLANs. 


This chapter covers the following topics: 


• Scenario: Shooting Trouble with VLANs on Routers and Switches
• Why VLANs?
• Trunking
• Managing VLANs
• Inter-VLAN Routing
• Route Switch Technologies
• Shooting Trouble with VLANs
• Trouble Tickets
• Trouble Tickets Solutions


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table I-1 in the Introduction. 


Scenario: Shooting Trouble with VLANs on Routers and 
Switches 


The chapter scenario uses some of the same routers and switches you have configured for the 
other scenarios. You modify your lab according to Figure 7-1 and start with everything in VLAN1. 


Figure 7-1. Chapter 7 Scenario Physical Layout

[Figure: lab topology showing r1-2514, r2-2501, r3-3640, sw3512XL-IOS, sw2900-CatOS, and hosta]


Document your steps and any problems along the way. Remember, however, that there is not 
always one right way to accomplish the tasks presented. The ability to obtain the end result 
using good practices is extremely important in any real-world network. My troubleshooting and 
device configurations are presented starting in Example 7-1 so that you can compare your work 
and perhaps see a different approach to obtaining the end result. Use the previous 
troubleshooting checklists, your step-by-step troubleshooting methodology, and the VLAN 
checklist in Table 7-1 to assist in testing. 


Table 7-1. VLAN Quick Troubleshooting Checklist

CatOS                            IOS
set vtp domain donna             #vlan database
                                 (vlan)#vtp domain donna
set vtp mode transparent         (vlan)#vtp transparent
vlan 2 name eng type ethernet    (vlan)#vlan 2 name eng media ethernet
show vlan                        (vlan)#show
show spantree vlan#              #show spanning-tree vlan#
clear vlan 2                     (vlan)#no vlan 2 name eng media ethernet
                                 (vlan)#exit
show vtp domain                  #show vtp status
set trunk 1/1-2 on               (config)#interface fa0/12
                                 (config-if)#switchport mode trunk
show trunk                       #show interface fa0/12 switchport
show spantree ?                  #show spanning-tree ?
show port spantree 2/4           #show spanning-tree interface fa0/1

See also
www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12111eal/scg/swvlan.htm#xtocid7.


As I discuss real-world VLAN-to-VLAN communication—including issues such as addressing the
broadcast domains, default gateways, VLAN Trunking Protocol (VTP) mode tuning, trunking 
issues, routing issues, vanishing VLANs, and so on—continue to identify targets and document 
the results using ping, trace, set, show, clear, Cisco Discovery Protocol (CDP), debug, 
protocol analyzers, and other troubleshooting tools. 


First you should physically disconnect all serial and Ethernet cables and wire your lab according
to Figure 7-1. My terminal server is a 2511 (not pictured in the diagram), r1 is a 2514, r2 is a
2501, r3 is a 3640, the IOS-based switch is a 3512XL, and the CatOS-based switch is a 2900.
The 1900 used in the preceding chapter is not being used here. I am assuming you have a Fast
Ethernet connection from r3 to the 3512XL switch as well as between the switches. My
connections between r1/r2 and their respective switches are only 10 Mbps, but 10 or 100 is fine.
Assuming you have the correct number and type of interfaces, other equipment is suitable, too.
Configure the terminal server (optional) and clear the configurations. The write erase or erase
startup-config command followed by the reload command works fine for the routers and the
IOS-based switch. Use clear config all for the CatOS box.


Inspect the LEDs for all devices and prepare for console or terminal server connectivity to each 
device. Globally configure such items as hostnames and passwords. Configure what is 
appropriate for the router interfaces, including descriptions, speed and duplex settings, 
bandwidth, and clock rate. Remember to issue a no shut on the interfaces and turn on logging 
synchronous for the console. Use the default encapsulations but do not configure the IP 
parameters as of yet. Example 7-1 displays the r1 configuration.


Example 7-1. r1 Configuration


Router>enable
Router#configure terminal
Router(config)#hostname r1
r1(config)#enable secret donna
r1(config)#line vty 0 4
r1(config-line)#login
r1(config-line)#password donna
r1(config-line)#interface ethernet 0
r1(config-if)#description r1e0 to sw2900 2/1
r1(config-if)#speed 10
r1(config-if)#duplex half
r1(config-if)#no shut
r1(config-if)#interface serial 1
r1(config-if)#description r1s1 to r2s1
r1(config-if)#bandwidth 64
r1(config-if)#clock rate 64000
r1(config-if)#no shut
r1(config-if)#exit
r1(config)#line console 0
r1(config-line)#logging synchronous
r1(config-line)#end
r1#copy running-config startup-config


Speed and duplex settings may or may not be available depending upon your hardware and 
software. 


Next configure r2 as in Example 7-2. 


Example 7-2. r2 Configuration 


Router(config)#hostname r2
r2(config)#enable secret donna
r2(config)#line vty 0 4
r2(config-line)#login
r2(config-line)#password donna
r2(config-line)#interface ethernet 0
r2(config-if)#description r2e0 to sw3512xl fa0/12
r2(config-if)#speed 10
r2(config-if)#duplex half
r2(config-if)#no shut
r2(config-if)#interface serial 0
r2(config-if)#description r2s0 to r3s0/0
r2(config-if)#bandwidth 64
r2(config-if)#no shut
r2(config-if)#interface serial 1
r2(config-if)#description r2s1 to r1s1
r2(config-if)#bandwidth 64
r2(config-if)#no shut
r2(config-if)#exit
r2(config)#line console 0
r2(config-line)#logging synchronous
r2(config-line)#end
r2#show ip interface brief
Interface        IP-Address   OK? Method Status  Protocol
Ethernet0        unassigned   YES unset  up      up
Serial0          unassigned   YES unset  down    down
Serial1          unassigned   YES unset  up      up
r2#copy running-config startup-config


Now that Layer 1 and Layer 2 are up for r1 and r2, move along to configure r3 as in Example 7-3.


Example 7-3. r3 Configuration 


Router(config)#hostname r3
r3(config)#enable secret donna
r3(config)#line vty 0 4
r3(config-line)#login
r3(config-line)#password donna
r3(config-line)#interface fastethernet 2/0
r3(config-if)#description r3 fa2/0 to sw3512xl fa0/10
r3(config-if)#speed 100
r3(config-if)#full-duplex
r3(config-if)#no shut
r3(config)#interface serial 0/0
r3(config-if)#description r3s0/0 to r2s0
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#no shut
r3(config-if)#exit
r3(config)#line console 0
r3(config-line)#logging synchronous
r3(config-line)#end
r3#show ip interface brief
Interface        IP-Address   OK? Method Status  Protocol
Serial0/0        unassigned   YES unset  up      up
FastEthernet2/0  unassigned   YES unset  up      up
r3#copy running-config startup-config


Now that the basic router configurations are in place, configure the switches as in Examples 7-4,
7-5, and 7-6 (including the hostnames, passwords, and most appropriate duplex, speed, and
portfast settings). Verify CDP communications from both switches as a quick physical test as in
Example 7-7.


Example 7-4. sw3512XL IOS Switch Configuration 


Switch(config)#hostname sw3512xl
sw3512xl(config)#enable secret donna
sw3512xl(config)#line vty 0 4
sw3512xl(config-line)#login
sw3512xl(config-line)#password donnna
sw3512xl(config-line)#!!!better to fix this now than later
sw3512xl(config-line)#password donna
sw3512xl(config-line)#interface fastethernet 0/1
sw3512xl(config-if)#description sw3512xl fa0/1 to hosta
sw3512xl(config-if)#speed 100
sw3512xl(config-if)#duplex full
sw3512xl(config-if)#spanning-tree portfast
sw3512xl(config-if)#no shut
sw3512xl(config-if)#interface fastethernet 0/2
sw3512xl(config-if)#description sw3512xl fa0/2 to hostb
sw3512xl(config-if)#speed 10
sw3512xl(config-if)#duplex half
sw3512xl(config-if)#spanning-tree portfast
sw3512xl(config-if)#no shut
sw3512xl(config-if)#interface fastethernet 0/10
sw3512xl(config-if)#description sw3512xl fa0/10 to r3 fa2/0
sw3512xl(config-if)#speed 100
sw3512xl(config-if)#duplex full
sw3512xl(config-if)#no shut
sw3512xl(config-if)#interface fastethernet 0/11
sw3512xl(config-if)#description sw3512xl fa0/11 to sw2900 1/1
sw3512xl(config-if)#speed 100
sw3512xl(config-if)#duplex full
sw3512xl(config-if)#no shut
sw3512xl(config-if)#interface fastethernet 0/12
sw3512xl(config-if)#description sw3512xl fa0/12 to r2e0
sw3512xl(config-if)#speed 10
sw3512xl(config-if)#duplex half
sw3512xl(config-if)#no shut
sw3512xl(config-if)#exit
sw3512xl(config)#line console 0
sw3512xl(config-line)#logging synchronous
sw3512xl(config-line)#end
sw3512xl#copy running-config startup-config


The shaded output illustrates where I incorrectly typed the password. Because I realized it right
away, I just quickly repeated the line (using the up arrow key) with the correct password. These
self-inflicted errors always make troubleshooting a challenge.


Continue your configuration with the 2900. Example 7-5 illustrates clearing the existing
configuration. Keep in mind this wouldn't be a best practice over a telnet connection because you
lose all configuration, which includes your management interface, too. Example 7-6 displays the
2900 scenario configuration.


Example 7-5. Clearing the sw2900 CatOS Switch Configuration 


sw2900 (enable) clear config all 


This command will clear all configuration in NVRAM. 


This command will cause ifIndex to be reassigned on the next system startup. 


Do you want to continue (y/n) [n]? y 


-duplicate IP address 0.0.0.0 sent from MAC address: 00-d0-79-68-84-80 


System configuration cleared. 


Example 7-6. sw2900 CatOS Switch Configuration 


Console> (enable) set system name sw2900
System name set.
sw2900> (enable) set enablepass
Enter old password:
Enter new password:
Retype new password:
Password changed.
sw2900> (enable) set port name ?
Usage: set port name <mod_num/port_num> [port_name]
sw2900> (enable) set port name 1/1 sw2900 1/1 to sw3512xl fa0/11
Name string must be less than 21 characters.
sw2900> (enable) set port name 1/1 to sw3512xl fa0/11
Port 1/1 name set.
sw2900> (enable) set port speed 100
Usage: set port speed <mod_num/port_num> <4 | 10 | 16 | 100 | auto>
sw2900> (enable) set port speed 1/1 100
Feature not supported on Module 1.
sw2900> (enable) set port duplex 1/1 full
Port(s) 1/1 set to full-duplex.
sw2900> (enable) set port enable 1/1
Port 1/1 enabled.
sw2900> (enable) set port name 1/2 to hostc
Port 1/2 name set.
sw2900> (enable) set port speed 1/2 100
Feature not supported on Module 1.
sw2900> (enable) set port duplex 1/2 full
Port(s) 1/2 set to full-duplex.
sw2900> (enable) set port enable 1/2
Port 1/2 enabled.
sw2900> (enable) set port name 2/1 to r1e0
Port 2/1 name set.
sw2900> (enable) set port speed 2/1 10
Port(s) 2/1 speed set to 10Mbps.
sw2900> (enable) set port duplex 2/1 half
Port(s) 2/1 set to full-duplex.
sw2900>!!!alternately could have set all the ports to full duplex as follows
sw2900> (enable) set port duplex 1/1-2,2/1 full
Port(s) 1/1-2,2/1 set to full-duplex.


Now that the switches are configured, verify the neighboring devices from the perspective of 
both switches as in Example 7-7. 


Example 7-7. CDP Testing 


sw3512xl>show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID            Local Intrfce   Holdtme   Capability   Platform   Port ID
005352782(sw2900)    Fas 0/11        LZ        T S          WS-C2900   1/1
r2                   Fas 0/12        176       R            2500       Eth 0
r3                   Fas 0/10        162       R            3640       Fas 2/0

sw2900> (enable) show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Port   Device-ID   Port-ID             Platform            Capability
1/1    sw3512xl    FastEthernet0/11    cisco WS-C3512-XL   S
2/1    r1          Ethernet0           cisco 2500          R


Because the Physical and Data Link Layers are up and running, take a closer look at the chapter 
scenario. Using the same physical layout, you will assign IP addresses as required and control 
broadcast traffic using VLANs. I want to review a few things about VLANs before you configure
them. 


Why VLANs? 


Many people will tell you VLANs are so darn virtual that you tend to lose them for no apparent
reason. I'll save that discussion for the "Shooting Trouble with VLANs" section and the Trouble
Tickets. To get a handle on VLANs, I want you to think about the function of a router. Physically
each interface or wire is a broadcast domain, but it is more often referred to as a subnet. Traffic
from one router can pass from one local interface to another because the router knows about its
directly connected networks. Interrouter communications occur because of not only physical
components but also because of routed and routing protocols.


Switch broadcast domains are called VLANs. By default all ports on a switch belong to VLAN1, as
you can verify in Example 7-8. Other VLANs can be configured to facilitate smaller broadcast
domains and smaller spanning trees. However, traffic from one VLAN cannot pass directly to
another VLAN, whether within a switch or between switches, without a router of some sort.


Example 7-8. By Default All Ports Are in VLAN1 (1 Broadcast Domain) 


sw3512xl#show vlan
VLAN Name                  Status    Ports
1    default               active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                     Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                     Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                     Gi0/1, Gi0/2
1002 fddi-default          active
1003 token-ring-default    active
1004 fddinet-default       active
1005 trnet-default         active
!!!these are the default or reserved vlans
VLAN Type  SAID    MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
1    enet  100001  1500  -      -      -        -    -        1002   1003
1002 fddi  101002  1500  -      -      -        -    -        1      1003
1003 tr    101003  1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004  1500  -      -      1        ibm  -        0      0
1005 trnet 101005  1500  -      -      1        ibm  -        0      0

sw2900> (enable) show vlan
VLAN Name                  Status    IfIndex Mod/Ports, Vlans
1    default               active    28      1/1-2
                                             2/1-12
1002 fddi-default          active    29
1003 token-ring-default    active    32
1004 fddinet-default       active    30
1005 trnet-default         active    31


Example 7-8 displays a couple of sections. The first section is a quick status of the VLANs and 
the associated ports on the 3512XL. The second section displays the default VLANs, including the 
maximum transmission unit (MTU) size and other Token Ring and FDDI parameters. The second 
section is not shown for the CatOS 2900, but all ports are in VLAN 1 by default. 1002 FDDI and 
1003 TRCRF are reserved for FDDI and Token Ring transparent bridging; whereas 1004 FDNET 
and 1005 TRBRF are reserved for Token Ring and source route bridging. Although the default 
reserved VLANs can't be removed, they can be modified (as you can prove by trying to clear one 
of the defaults). If I were to type clear vlan 1002 on the 2900 right now, for example, it would
tell me that the VLAN needs to be within the range of 2 to 1000. 


Understanding what VLANs are and how they work is half the battle of supporting them. Think of 
a physical switch or switches that are divided up into logical bridges to assist with broadcasts. 
Logical bridges or broadcast domains, more often referred to as VLANs, are possible within or 
between switches, as you can see in Figure 7-2. 


Figure 7-2. VLANs Are Logical Bridges

[Figure: sw1 and sw2 with ports 1 through 8 grouped into Red VLAN, Green VLAN, and Blue VLAN; RSM]


NOTE 


If you have more VLANs in your lab scenario, at this point you may need to clear them
or delete flash:vlan.dat to completely remove them. My devices are in the out-of-the-box
default VLAN Trunking Protocol (VTP) server mode and default to Inter-Switch Link
(ISL) encapsulation. (Your equipment may vary.) You might need to change your
boxes to server mode or change the encapsulation to follow along and understand.


Figure 7-2 illustrates two switches where ports are logically grouped into three different VLANs: 
RED, GREEN, and BLUE. The RED VLAN members are able to talk to others within the same 
VLAN (subnet). The GREEN VLAN members are able to talk to others within the same VLAN 
(subnet). The BLUE VLAN members are able to talk to others within the same VLAN (subnet). 
Although the VLANs are isolated from one another, intra-VLAN communications can occur.
Intra-VLAN traffic can occur within or between the switches because the trunk carries RED, GREEN,
and BLUE VLAN traffic. However, inter-VLAN communications such as RED to GREEN, RED to
BLUE, GREEN to BLUE, and so on are not possible without some Layer 3 decisions because each
VLAN is a separate subnet. The Route Switch Module/Multilayer Switch Feature Card
(RSM/MSFC) (router blade) in Figure 7-2 is one way of supporting VLAN-to-VLAN
communications. It uses a separate physical or logical interface for each VLAN to support the
inter-VLAN routing function. By logically grouping the ports on a switch or among different
switches, you can virtually create separate bridges within a switch and have a router route the
packets between them. Next, I want to look into some of the practical advantages to using
VLANs.


VLAN Advantages 


The following are some advantages of VLANs: 


• Security— VLANs enable you to isolate groups of users. Can you imagine a student
adjusting a teacher's salary because they are physically on the same network? How about
health records? Police records?

• Segment broadcasts— If you are only talking about one particular box causing the
majority of broadcast traffic, you should probably look at just isolating that box. If
broadcasts come from various stations, VLANs can assist.

• Better utilization of bandwidth— You can separate management and control traffic from
that of the end user. Smaller spanning trees help with Layer 2 convergence.

• Reduced latency— Smaller broadcast domains using Layer 2 devices to minimize the
number of Layer 3 devices.

• Easy to move users— For example, a user moves from the Sales department to the
Engineering department. Just associate the appropriate port with the appropriate VLAN
instead of making wiring closet physical changes.


As you can see, there are multiple reasons to use VLANs, and understanding them a little better 
will certainly help you keep a more stable network. 


Trial and error has proven that flat networks and end-to-end VLANs do not scale. Modern 
implementations use Layer 2 switches for the access layer and Layer 3 switches in the 
distribution and core layers. Regardless of the equipment, it is up to you and me to make sure 
end-to-end communications occur and that everyone is happy. 


NOTE 

Catalyst VLANs are very port-centric, and proper planning is critical to ease the
maintenance thereof. For example, it is not a good VLAN design to mix control and
management traffic with end-user traffic. You should analyze the various types of VLAN
traffic so that you can at a minimum separate the management and control traffic from
the user traffic.


VLAN Traffic Types 


Types of VLAN traffic include the following:

• Control— Protocol traffic such as Spanning Tree Protocol (STP), CDP, Dynamic Trunking
Protocol (DTP), VTP, and Port Aggregation Protocol (PAgP) typically use VLAN1.

• End-user— VLANs create isolation. If one workstation goes berserk, the impact is limited
to the user VLAN.

• Management— Services such as telnet, Simple Network Management Protocol (SNMP),
VLAN Membership Policy Server (VMPS), and Syslog normally use whatever VLAN that is
assigned to the Supervisor Console (sc0) port.


Configuring VLANs 


Planning is the most important part of VLANs. VLANs are subnets and thus are part of the IP 
addressing design. Often it is helpful to have a recognizable pattern. Perhaps you might use 
something like 10.bldg.vlan.node/24 with .1, .2, and .3 reserved for Hot Standby Router 
Protocol (HSRP) and .4 through .20 for router interfaces, servers, and printers. 


NOTE 


If you attach a hub to a port assigned to a VLAN, all ports on the hub are part of the 
VLAN. 


Other things the support person should be familiar with include the fact that all ports start out in 
VLAN1. If you associate a port with a different VLAN and then delete that VLAN with clear vlan 
#, however, all ports associated with that VLAN will be in an inactive state. You can fix that by 
creating the VLANs again, which is much easier if you previously saved the configuration to a 
file. As you configure the chapter scenario, you will experience these and other VLAN advantages
and disadvantages. 


Start your planning and configuring using the chapter scenario VLANs in Figure 7-3. Each VLAN
has a number and an associated network (such as IP or IPX). VLANs are Layer 2; however,
inter-VLAN connectivity is through routers (Layer 3). Use subnet 192.168.5.16/28 for VLAN1,
192.168.5.32/28 for VLAN10, 192.168.5.48/28 for VLAN20, and subnet 192.168.5.0/30 for the
serial links. Create the VLANs, associate ports, and assign IP addresses using Figure 7-3 as a
guide. Assign host default gateways using the last address (not the broadcast) for each subnet.
Use Table 7-2 if you need more host detail. Do not configure the VLAN-to-VLAN routing or
trunking yet.


Figure 7-3. Chapter Scenario VLANs

[Figure: r1-2514, r2-2501, r3-3640, sw3512XL-IOS, VLAN10]


NOTE 

Refer to Tables 7-1 and 6-7 for assistance with IOS compared to CatOS VLAN commands.

Table 7-2. Host Configuration 

Host IP Address Subnet Mask Gateway 
hosta (VLAN1) 192.168.5.17 255.255.255.240 192.168.5.30 
hostb (VLAN20) 192.168.5.49 255.255.255.240 192.168.5.62 
hostc (VLAN10) 192.168.5.33 255.255.255.240 192.168.5.46 


After your host configuration, create VLAN20 using the VLAN database mode as in Example 7-9.
Pay particular attention that this is not performed from global configuration mode. The command
to exit and apply the changes is exit.


Example 7-9. Creating VLAN20 on the 3512XL (IOS) 


sw3512xl#vlan database
sw3512xl(vlan)#vlan 20 name vlan20
VLAN 20 added:
    Name: vlan20
sw3512xl(vlan)#?
VLAN database editing buffer manipulation commands:
  abort  Exit mode without applying the changes
  apply  Apply current changes and bump revision number
  exit   Apply changes, bump revision number, and exit mode
  no     Negate a command or set its defaults
  reset  Abandon current changes and reread current database
  show   Show database information
  vlan   Add, delete, or modify values associated with a single VLAN
  vtp    Perform VTP administrative functions.
sw3512xl(vlan)#exit
APPLY completed.
Exiting.


Example 7-10 continues the configuration by associating interface fa0/2 and fa0/12 with
VLAN20.


Example 7-10. Associating fa0/2 and fa0/12 with VLAN20 on the 3512XL (IOS)


sw3512xl(config)#interface fastethernet 0/2
sw3512xl(config-if)#switchport ?
  access  Set access mode characteristics of the interface
  mode    Set trunking mode of the interface
  multi   Set characteristics when in multi-VLAN mode
  trunk   Set trunking characteristics of the interface
sw3512xl(config-if)#switchport access vlan 20
sw3512xl(config-if)#interface fastethernet 0/12
sw3512xl(config-if)#switchport access vlan 20
sw3512xl(config-if)#end


Next, verify that the ports were in fact added to VLAN20 as in Example 7-11. 


Example 7-11. Verifying the VLAN Configuration 


sw3512xl#show vlan
VLAN Name                  Status    Ports
1    default               active    Fa0/1, Fa0/3, Fa0/4,
                                     Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                     Fa0/9, Fa0/10, Fa0/11, Gi0/1,
                                     Gi0/2
20   vlan20                active    Fa0/2, Fa0/12
1002 fddi-default          active
1003 token-ring-default    active
1004 fddinet-default       active
1005 trnet-default         active


Don't forget to configure and verify the VLAN1 IP parameters for management purposes so that
you can telnet to the device (see Example 7-12). In such a small lab scenario, VLAN 1 is fine.
However, it is a better practice to use another VLAN for management purposes.


Example 7-12. In-band Management for the 3512XL (IOS)


sw3512xl(config)#interface vlan1
sw3512xl(config-if)#ip address 192.168.5.18 255.255.255.240
sw3512xl(config-if)#no shut
sw3512xl(config-if)#end
sw3512xl#copy running-config startup-config
sw3512xl#show interface vlan1
VLAN1 is up, line protocol is up
  Hardware is CPU Interface, address is 00d0.7968.8480 (bia 00d0.7968.8480)
  Internet address is 192.168.5.18/28


IOS offers Layer 3 interfaces and Layer 2 ports or switchports. To convert the interface from a
routed interface to a switched port, you use the interface command switchport mode access.
This sets the port as an access port rather than a trunk port. On many devices, the interface
range command enables you to do this to lots of ports simultaneously: interface range 6/1-24,
7/1-12. The command enables you to configure ports 1 through 24 on module 6 and ports 1
through 12 on module 7 all at once. These switchports default to VLAN1, but the switchport
access vlan vlan# command enables you to assign the port to a particular VLAN. Because these
ports are technically Layer 2 now, you can't assign an IP address to them directly. Instead, you
need a separate interface to act as a routed interface for both of them. This calls for a switched
virtual interface (SVI), which you created in Example 7-12 using the interface vlan1 command.
You assigned it an IP address and verified it using the show interface vlan1 command.


Next, create VLAN10 and associate the ports as in Figure 7-3 on the CatOS-based 2900 switch
as in Example 7-13.


Example 7-13. Creating VLAN10 and Associating the Ports on the 2900 
(CatOS) 


sw2900> (enable) set vlan 10 name vlan10
Cannot add/modify VLANs on a VTP server without a domain name.
sw2900> (enable) set vtp ?
Usage: set vtp [domain <name>] [mode <mode>] [passwd <passwd>]
               [pruning <enable | disable>] [v2 <enable | disable>
       (mode = client | server | transparent
        Use passwd '0' to clear vtp password)
Usage: set vtp pruneeligible <vlans>
       (vlans = 2..1000
        An example of vlans is 2-10,1000)
sw2900> (enable) set vtp domain donna
VTP domain donna modified
sw2900> (enable) set vlan 10 name vlan10
Vlan 10 configuration successful
sw2900> (enable) set vlan 10 1/2,2/1
VLAN 10 modified.
VLAN 1 modified.
VLAN  Mod/Ports
10    1/1-2
      2/1
sw2900> (enable) show vlan
VLAN Name                  Status    IfIndex Mod/Ports, Vlans
1    default               active    5       2/2-12
10   vlan10                active    10      1/2
                                             2/1


Notice how Example 7-13 insisted you create a VTP domain name before you could create any 
VLANs or associate the ports. VTP is the VLAN Trunking Protocol (discussed in more detail in the 
section "Managing VLANs"). Next, set up the 2900 IP parameters to allow telnet to the box. 
Example 7-14 illustrates how to configure the Supervisor Console. 


Example 7-14. In-band Management for the 2900 (CatOS) 


sw2900> (enable) set interface sc0 1 192.168.5.19 255.255.255.240
Interface sc0 vlan set, IP address and netmask set.
sw2900> (enable) set interface sc0 up
Interface sc0 administratively up.


After the VLAN was created, I noticed some error messages on the port in my example.
However, the counters had never been cleared, so I cleared them and didn't notice any more
errors. The sc0 port was used to assign the IP address to the CatOS-based switch like the SVI for
the IOS-based switch. In practical application use another VLAN other than VLAN1.


As you can verify in the previous examples, making VLANs work is a multistep process. However, 
you only created VLANs on two switches. What if you had 500? 


VLAN Membership Policy Server (VMPS) 


An alternative to manual VLAN association is the dynamic VMPS. However, it is still lots of work 
to build the initial database, which is why many choose to just go with static VLANs. The VMPS 
database is a text file residing on a TFTP server. The VMPS server reads the text file and 
remembers the data. Dynamic VLANs then look to the VMPS server for MAC lookup when it 
attaches to a port. Other Catalysts are configured as VMPS clients that communicate with the 
server over UDP port 1589 for port-to-VLAN authorization. You then use commands such as 
show vmps and show port to display the dynamic ports. Two optional Cisco tools for building 
the database include the User Registration Tool (URT) and CiscoWorks for Switched Networks 
(CWSI). URT is based on NetBIOS login information and managed with CWSI. The User Tracker 
for CWSI keeps track of individual stations on the network and automatically populates the VMPS 
server. See Cisco.com or Cisco LAN Switching (Cisco Press) by Kennedy Clark and Kevin 
Hamilton for more detail on configuring dynamic VLANs. In practical application of VLANs, static 
VLANs are by far the most common. 


NOTE 


The GARP Registration Protocol (GVRP) provides dynamic VLAN creation for IEEE
802.1Q-compliant VLANs. GARP stands for Generic Attribute Registration Protocol.
GVRP (802.1P) is also used for standards-based VLAN pruning.


Thus far, you have worked with access links. Because they are designed for one VLAN only, they 
do not scale. Next, you will learn about trunking so that you see how VLANs on one switch can 
communicate with others in the same VLAN on another switch via a trunk port. 


Trunking 


Routing provides inter-VLAN connectivity, whereas trunking provides intra-VLAN connectivity. Trun 
whether between switches, from a router to a switch, or from a switch to a file server, minimize thr 
of interfaces and cables to transport multi-VLAN traffic. 


There are various methods of multiplexing VLANs in trunking:

• Cisco
  - Ethernet—ISL or 802.1Q
  - FDDI—802.10
  - ATM—LAN Emulation (LANE) or multiprotocol over ATM (MPOA)

• Mixed-vendor environment
  - 802.1Q
  - LANE or MPOA


Cisco uses its own proprietary ISL and the standards-based IEEE 802.1Q for trunking. (See Figure 
However, Cisco has started to favor 802.1Q over ISL. Some newer switches such as the 2950 supp: 
802.1Q. 


Figure 7-4. Trunking

[Figure: IOS: switchport mode trunk; CatOS: set trunk 1/1 on; IEEE-multivendor (dot1q). Trunking is running multiple VLANs over one connection.]


Go ahead and configure ISL trunking from the 3512XL to the 2900 using Example 7-15 and Figure 
guides. 


Example 7-15. Configuring Cisco ISL Trunking Between the 2900 and 35: 


sw3512xl(config)#interface fastethernet 0/11
sw3512xl(config-if)#switchport mode trunk
sw3512xl(config-if)#end
sw3512xl#show interfaces fastethernet 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,20
Pruning VLANs Enabled: NONE
sw3512xl#copy running-config startup-config


ISL is the default trunking encapsulation here, but always check the port capabilities on your partic 
switch to see what is actually available. Next, configure the other end of the trunk on the 2900 Cat 


in Example 7-16.


Example 7-16. Trunking on the 2900 CatOS 


sw2900> (enable)set trunk 1/1 on
Port(s) 1/1 trunk mode set to on.
sw2900> (enable) %DTP-5-TRUNKPORTON:Port 1/1 has become isl trunk
sw2900> (enable) show trunk
Port      Mode         Encapsulation  Status        Native vlan
1/1       on           isl            trunking      1
Port      Vlans allowed on trunk
1/1       1-1005
Port      Vlans allowed and active in management domain
1/1       1,10
Port      Vlans in spanning tree forwarding state and not pruned
1/1
sw2900>show port capabilities 1/1
Model                    WS-X2900
Port                     1/1
Type                     100BaseTX
Speed                    100
Duplex                   half,full
Trunk encap type         ISL
Trunk mode               on,off,desirable,auto,nonegotiate
Channel                  no
Broadcast suppression    no
Flow control             no
Security                 yes
Membership               static,dynamic
Fast start               yes
Rewrite                  no
sw2900> (enable)


The switchport mode trunk IOS command turned the fa0/11 port into a trunk, which you verified
show interfaces fastethernet 0/11 switchport. Besides trunking, the preceding show commar
displayed encapsulation and active VLANs, too. All VLANs are allowed by default, but you can remc
with the switchport trunk allowed vlan remove 11-1000 command; the numbers at the end are
VLANs you want to remove. The commands were different for the CatOS 2900, but the effect was t
The show port capabilities command is quite helpful to know what the port is capable of in terms
duplex, encapsulation, and trunking. 


NOTE 


Notice the shaded output about DTP, which is a trunk negotiation protocol. The XL switches dc 
yet support DTP, so the switch on the other end of the trunk link must be manually set to trun 


Save your configurations and then experiment for a moment. Bounce (shut/no shut) fa0/11 on th 
Verify your VTP status on both switches as in Example 7-17. Look at your VLANs again in Example 


Example 7-17. The Result of Bouncing an Interface 


sw3512xl#copy running-config startup-config
sw3512xl(config)#interface fastethernet 0/11
sw3512xl(config-if)#shut
sw3512xl(config-if)#no shut
sw3512xl(config-if)#end
sw3512xl#show vtp status
VTP Version                     : 2
Configuration Revision Hee
Maximum VLANs supported locally : 254
Number of existing VLANs        : 6
VTP Operating Mode              : Server
VTP Domain Name                 : donna
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x1F 0xAF 0x58 0x06 0x31 0x48 0x80 0xD9
Configuration last modified by 0.0.0.0 at 5-26-02 12:34:06
sw3512xl#!!!the vtp domain name is donna yet you only set it on the 2900

sw2900> (enable) show vtp domain
Domain Name    Domain Index   VTP Version   Local Mode   Password
donna          1              2             server       -


Example 7-18. Verifying VLANs 


sw2900> (enable) show vlan
VLAN Name                  Status    IfIndex Mod/Ports, Vlans
1    default               active    28      2/2-12
10   vlan10                active    10      1/2
                                             2/1

sw3512xl#show vlan
VLAN Name                  Status    Ports
1    default               active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                     Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                     Fa0/9, Fa0/10, Gi0/1, Gi0/2
10   vlan10                active
1002 fddi-default          active
1003 token-ring-default    active
1004 fddinet-default       active
1005 trnet-default         active


You are not imagining things. Some of your VLANs disappeared. VLAN10 is on both switches, but V 
totally disappeared. Both switches are in the VTP server mode and use revision numbers to track cl 
thus the highest revision number wins. Certainly what happened here is not what you want to hap} 
practical environment. It is recommended to have all transparent or a series of client/server boxes 
network. The penalty for using transparent mode is that you need to manually create your VLANs c 
switches. The section "Managing VLANs" discusses VTP in more detail. 
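The revision-number behaviour described above, as an added Python sketch that is not from the book: a toy model of two VTP switches in which a server with the lower configuration revision replaces its VLAN database with its neighbour's, while a transparent switch keeps its own. The Switch class, the function names, and the revision values are constructed for illustration; the VLANs, ports, and domain name follow the lab.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str = "server"          # server | client | transparent
    domain: str = ""              # "" means no VTP domain configured yet
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    access_ports: dict = field(default_factory=dict)   # port -> access VLAN

    def add_vlan(self, vlan_id, vlan_name):
        if self.mode == "client":
            raise ValueError(f"{self.name}: VTP clients cannot create VLANs")
        self.vlans[vlan_id] = vlan_name
        if self.mode == "server":
            self.revision += 1    # every server-side change bumps the revision

    def orphaned_ports(self):
        """Access ports whose VLAN is missing from the local database."""
        return sorted(p for p, v in self.access_ports.items() if v not in self.vlans)


def receive_advertisement(receiver, sender):
    """Process one advertisement; return True if receiver's database was replaced."""
    if "transparent" in (receiver.mode, sender.mode):
        return False              # transparent switches keep a purely local database
    if not sender.domain:
        return False              # nothing to learn from a switch with no domain
    if not receiver.domain:
        receiver.domain = sender.domain   # unconfigured switch adopts the domain it hears
    if receiver.domain != sender.domain or sender.revision <= receiver.revision:
        return False
    receiver.vlans = dict(sender.vlans)   # highest revision wins: full replacement
    receiver.revision = sender.revision
    return True


def trunk_up(a, b):
    """Both ends advertise when the trunk comes up; return names of overwritten switches."""
    overwritten = []
    if receive_advertisement(a, b):
        overwritten.append(a.name)
    if receive_advertisement(b, a):
        overwritten.append(b.name)
    return overwritten


def lab_scenario(mode_3512xl):
    """Rebuild the chapter's two switches, bring up the trunk, report the 3512XL state."""
    sw2900 = Switch("sw2900", domain="donna")
    sw2900.add_vlan(10, "vlan10")
    sw2900.revision = 2           # constructed value; the page does not show it

    sw3512xl = Switch("sw3512xl", mode=mode_3512xl)
    sw3512xl.add_vlan(20, "vlan20")
    sw3512xl.access_ports = {"Fa0/1": 1, "Fa0/2": 20, "Fa0/12": 20}

    overwritten = trunk_up(sw3512xl, sw2900)
    return {
        "overwritten": overwritten,
        "domain": sw3512xl.domain,
        "vlans": sorted(sw3512xl.vlans),
        "orphaned_ports": sw3512xl.orphaned_ports(),
    }


if __name__ == "__main__":
    for mode in ("server", "transparent"):
        print(mode, lab_scenario(mode))
```

In the server run the 3512XL ends up in domain donna without VLAN 20, and the two ports that were assigned to it no longer map to any VLAN in its database.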


Change the 3512XL to transparent mode, configure VLAN20 once again, and verify your configurat 
Example 7-19. 


Example 7-19. Changing the 3512 to Transparent Mode 


sw3512xl#vlan database
sw3512xl(vlan)#vtp transparent
Setting device to VTP TRANSPARENT mode.
sw3512xl(vlan)#exit
APPLY completed.
Exiting....
sw3512xl(vlan)#vtp transparent
Device mode already VTP TRANSPARENT.
sw3512xl(vlan)#vlan 20 name vlan20
VLAN 20 added:
    Name: vlan20
sw3512xl(vlan)#exit
APPLY completed.
Exiting....
sw3512xl#show vlan
VLAN Name                  Status    Ports
1    default               active    Fa0/1, Fa0/3, Fa0/4, Fa0/5, Fa0/6,
                                     Fa0/7, Fa0/8, Fa0/9, Gi0/1, Gi0/2
10   vlan10                active
20   vlan20                active    Fa0/2, Fa0/12
sw3512xl#copy running-config startup-config


Note that fa0/2 and fa0/12 are the active ports for VLAN20. The port association was automatic be 
was there before. Now view the VLANs on the 2900 in Example 7-20. 


Example 7-20. Viewing the VLANs on the 2900 


sw2900> (enable) show vlan
VLAN Name                  Status    IfIndex Mod/Ports, Vlans
1    default               active    28      2/2-12
10   vlan10                active    33      1/2
                                             2/1


Perform a shut/no shut on interface fa0/11 once again and verify your VLANs as in Example 7-21. 


Example 7-21. Verifying VLANs 


sw3512xl(config)#interface fastethernet 0/11
sw3512xl(config-if)#shut
sw3512xl(config-if)#no shut
sw3512xl(config-if)#end
sw3512xl#show vlan
VLAN Name                  Status    Ports
1    default               active    Fa0/1, Fa0/3, Fa0/4,
                                     Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                     Fa0/9, Fa0/10, Gi0/1, Gi0/2
10   vlan10                active
20   vlan20                active    Fa0/2, Fa0/12

sw2900> (enable) show vlan
VLAN Name                  Status    IfIndex Mod/Ports, Vlans
1    default               active    28      2/2-12
10   vlan10                active    10      1/2
                                             2/1


It is correct that the 3512XL shows both VLANs because it previously learned about VLAN10 via VT 
2900, when it was in server mode. It is also correct that the 2900 only displays VLAN10 because V 
created in the 3512XL while it was in transparent mode (so VLAN20 did not get propagated throug 
VTP domain). 


Now that your switches are in a more stable state, the VLANs are configured, and the ISL trunking 
VTP information, I want to continue discussing other trunking methods.


NOTE 


You cannot route from VLAN to VLAN for a couple of reasons at this point, but I will revisit that
issue and more VTP management details soon. 


Inter-Switch Link (ISL) 


ISL is a Cisco proprietary VLAN tagging method that is used only for point-to-point connections on 
that supports ISL trunking. For that matter, any trunk must be point-to-point. Although 100 Mbps 
recommended, the specifications support 10 Mbps, too. You set your trunks to ISL encapsulation. ( 
that was the default for the lab scenario switches.)


When a frame goes out an ISL trunk, it gets encapsulated by tagging it with a 26-byte ISL header | 
another 4-byte cyclical redundancy check (CRC) trailer. Therefore it is possible for an ISL frame to 
30 = 1548 bytes, also known as a "baby giant." ISL trunks can carry not only Ethernet traffic, but i
Ring and FDDI due to the reserved field in the ISL header. 


Previously, you had to manually configure ISL on both ends, but DTP allows the switch to negotiate 
Frames are sent out every 30 seconds through the same multicast MAC as CDP but with a different 
Subnetwork Access Protocol (SNAP) value. The trunk modes for use with the set trunkmod#/ port 
command are on, off, desirable, auto, and nonegotiate. Do you recall the DTP message when you s 
trunk on the 2900. Look back at Example 7-16 to review it now. DTP enhances the older Dynamic | 
Switch Link (DISL) functionality in that it negotiates trunking for not only ISL, but also IEEE 802. 1(


Because negotiation is in progress, there is room for negotiation not to occur. Things are fine when 
results are on/on because both ends are trunking. If the result is off/off, you probably are looking ¢ 
access link and not a trunk. It is when you end up with on/off or off/on that you need to investigate 
settings. Normally, desirable or auto on one side with the other side of the trunk set to on works ju 
Consider hard coding your critical links. 


Whether negotiated or hard coded, by default all VLANs can use the trunk. Create another VLAN or 
and set some trunk restrictions as in Example 7-22. 


Example 7-22. Trunk Restrictions 
sw2900> (enable)set vlan 100 


Vlan 100 configuration successful 


sw2900> (enable) show trunk 
Port      Mode         Encapsulation  Status        Native vlan 
1/1       on           isl            trunking      1 

Port      Vlans allowed on trunk 
1/1       1-1005 

Port      Vlans allowed and active in management domain 
1/1       1,10,100 

Port      Vlans in spanning tree forwarding state and not pruned 
1/1       1,10 

sw2900> (enable)clear trunk ? 

Usage: clear trunk <mod/ports...> [vlans...] 
(An example of mod/ports is 1/1,2/1-12,3/1-2,4/1-12 
vlans = 2..1005 
An example of vlans is 2-10,1005) 

sw2900> (enable)clear trunk 1/1 100 

Removing Vlan(s) 100 from allowed list. 


Port 1/1 allowed vlans modified to 1-99,101-1005. 


Another method of controlling which VLANs are allowed is the set trunk mod#/port# ? command. 
options include the following: 


Usage: set trunk <mod_num/port_num> [on | off | desirable | auto | nonegotiate] [vlans] 
[trunk_type] 
(vlans = 1..1005 
An example of vlans is 2-10,1005) 
(trunk_type = isl,dot1q,dot10,lane,negotiate) 


Example 7-23 illustrates first using CatOS and then using IOS for trunk restrictions. 


Example 7-23. Trunk Restrictions 


sw2900> (enable) !!!CatOS Example 
sw2900> (enable)set trunk 1/1 on ? 
Usage: set trunk <mod_num/port_num> [on | off | desirable | auto nonegotiate 
[trunk_type] 
An example of vlans is 2-10,1005) 
(trunk_type = isl,dot1q,dot10,lane,negotiate) 
sw2900> (enable) 
sw3512xl#!!!IOS Example 
sw3512xl(config-if)#switchport trunk allowed vlan ? 
  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode 
  add     add VLANs to the current list 
  all     all VLANs 
  except  all VLANs except the following 
  remove  remove VLANs from the current list 
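
The allowed-list edits in Examples 7-22 and 7-23 can be checked offline before they are typed into a switch. The following Python is an added example, not code from the book or from Cisco; it models the CatOS clear trunk restriction and the IOS add, all, except, and remove keywords, and reports which VLANs a trunk still carries that are not active in the management domain. The function names, the "word" keyword for the bare VLAN list, and the use of 1..1005 as the range on both platforms are assumptions of this example.

```python
VLAN_MIN, VLAN_MAX = 1, 1005          # range printed in the CatOS usage text
ALL_VLANS = frozenset(range(VLAN_MIN, VLAN_MAX + 1))


def parse_vlans(spec, lowest=VLAN_MIN):
    """Turn a list such as '2-10,1005' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        first, _, last = part.partition("-")
        lo, hi = int(first), int(last or first)
        if lo > hi or lo < lowest or hi > VLAN_MAX:
            raise ValueError(f"VLAN range {part!r} is outside {lowest}..{VLAN_MAX}")
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlans(vlans):
    """Render a set the way the switch prints it, e.g. '1-99,101-1005'."""
    runs = []
    for vlan in sorted(vlans):
        if runs and vlan == runs[-1][1] + 1:
            runs[-1][1] = vlan            # extend the current run
        else:
            runs.append([vlan, vlan])     # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def catos_clear_trunk(allowed, spec):
    """CatOS 'clear trunk': its usage text limits the vlans argument to 2..1005."""
    return set(allowed) - parse_vlans(spec, lowest=2)


def ios_allowed_vlan(allowed, keyword, spec=""):
    """IOS 'switchport trunk allowed vlan' keywords listed in Example 7-23."""
    if keyword == "all":
        return set(ALL_VLANS)
    vlans = parse_vlans(spec)
    if keyword == "add":
        return set(allowed) | vlans
    if keyword == "remove":
        return set(allowed) - vlans
    if keyword == "except":
        return set(ALL_VLANS) - vlans
    if keyword == "word":                 # hypothetical name for the bare VLAN list
        return vlans                      # a bare list replaces the current list
    raise ValueError(f"unknown keyword {keyword!r}")


def surplus(allowed, active):
    """VLANs the trunk would carry that are not active in the management domain."""
    return format_vlans(set(allowed) - set(active))


if __name__ == "__main__":
    trunk = catos_clear_trunk(ALL_VLANS, "100")       # as in Example 7-22
    print("allowed:", format_vlans(trunk))
    print("surplus:", surplus(trunk, parse_vlans("1,10,100")))
```
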


Because the chapter scenario equipment you are using is all Cisco and uses ISL, that has been the 
far. However, dot1Q provides multivendor support. 


IEEE 802.1Q (dot1Q) 


Unlike ISL, IEEE 802.1Q offers multivendor support. As shown in Figure 7-5, ISL is more of an enci 
(external tagging) method, whereas 802.1Q is an internal frame tagging method of VLAN identifice 


Figure 7-5. ISL Encapsulation and 802.1Q Frame Tagging 


ISL (external header and FCS): Header (26 bytes), Data, FCS (4 bytes) 

802.1Q (internal tag): fields shown include DA, Tag, and FCS 

* Tag Protocol ID (TPID) — value of 0x8100 
* Priority — 8 priority levels 
* Canonical Format Indicator (CFI) (0-Canonical, 1-Non) 
* VLAN ID (VID) — VLAN membership (0-4095) 


802.1Q also allows prioritization of traffic using the Priority field within the 802.1Q tag. ISL has thr 
bits as well; they automatically map to the IP TOS field. 802.3ac extends Ethernet's frame size to ] 
to allow for the internal tag. Obviously, equipment that doesn't understand these so-called baby gi 
complains. 


802.1Q allows VLAN values up to 4095, but the Catalyst may only allow up to 1005, so in a mixed 
environment it is best practice to not go above 1005. 
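
To see the internal tag from Figure 7-5 at the byte level, the following Python inserts and decodes the four tag bytes (TPID, Priority, CFI, VID) and flags a VID above the 1005 ceiling suggested for mixed environments. It is an added example, not code from the book; the function names and the sample frame are constructed for illustration, and the sample omits the FCS.

```python
import struct

TPID_8021Q = 0x8100
CATALYST_VLAN_CEILING = 1005     # highest VLAN the text suggests in a mixed environment

# Constructed untagged frame: broadcast DA, made-up SA, type 0x0800, 46-byte payload.
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                   + bytes.fromhex("0800") + bytes(46))


def add_tag(frame, vid, priority=0, cfi=0):
    """Insert an 802.1Q tag between the source MAC and the type/length field."""
    if not 0 <= vid <= 4095 or not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 0-7, CFI is 0 or 1, VID is 0-4095")
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    tci = (priority << 13) | (cfi << 12) | vid      # 3 + 1 + 12 bits
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame):
    """Return the tag fields of a frame, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("frame ends inside the 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    return {
        "priority": tci >> 13,
        "cfi": (tci >> 12) & 1,
        "vid": vid,
        "ethertype": inner_type,
        "above_catalyst_ceiling": vid > CATALYST_VLAN_CEILING,
    }


def strip_tag(frame):
    """Remove the tag again, as an access port does before delivery."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    tagged = add_tag(SAMPLE_UNTAGGED, vid=10, priority=5)
    print(len(SAMPLE_UNTAGGED), "->", len(tagged), "bytes")   # the tag adds 4 bytes
    print(parse_tag(tagged))
```
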


Configuring 802.1Q on the Catalyst is as easy as using the following command: 


set trunk mod#/port# [on | desirable | auto | nonegotiate] dot1q 


Using the commands from the ISL section, check your hardware and IOS version to see whether yc 
environment supports ISL, 802.1Q, or both. Although my lab switches default to ISL, there are ma 
switches that default to the dot1Q standard. 


EtherChannel is another method of combining multiple segments into one that I briefly mention in 
subsection. Normally if you have multiple parallel connections between the same two switches, you 
pass traffic on only one of them. (STP would put the others into blocking state, and they would pro 
redundancy but no performance advantage.) With EtherChannel, STP treats the aggregate bundle | 
connections as one logical connection and the individual ports are in forwarding state. 


EtherChannel 


EtherChannel combines multiple Fast or Gigabit segments where the speeds match into groups of t 
or eight. However, some switches and cards are less restrictive than others with the way bandwidtl 
aggregated. On the Cat6000 family, for instance, you can load share traffic on a source/destinatior 
address basis, in addition to the regular source and destination MAC method. Use the show modu 
command to see whether your switch supports EtherChannel frame distribution so that you can der 
whether MAC or IP load sharing is best for your environment. 


The EtherChannel group is known by one MAC address: that of the primary link. The primary link i: 
with the lowest MAC address, and it is used for control messages and monitoring. Recovery is very 
important. If the primary link dies, what happens? In the past, the whole group would die. Now, in 
kbps, and 6 kbps switches, the link with the next lowest MAC address takes over. In XL-based switi 
link with the lowest utilization at that moment takes over. In the 1900s, you can only have two link 
EtherChannel, so the one left is alone. The bundles can be configured as an EtherChannel trunk. Tr 
you configure any port in the channel, it applies to all ports. Cisco created the PAgP for channel ne 
with auto and desirable modes. 


• If two ports are desirable, they trunk in EtherChannel. 
• Auto and desirable trunk in EtherChannel. 
• Auto and auto do not trunk because they never negotiate. 


You might run across the terms Fast EtherChannel (FEC) and Gigabit EtherChannel (GEC), which a 
Ethernet technologies leveraging off of the link aggregation provided via EtherChannel. 


Table 7-3 provides the basic commands to configure EtherChannel. For a more exhaustive list that 


to additional devices, refer to Cisco.com. 


Table 7-3. Configuring EtherChannel 


CatOS                                          IOS 

set port channel mod#/ports [admin group]      interface fa0/1 
set port channel mod#/port# mode               port group 1 
[on | off | desirable | auto]                  interface fa0/2 
[silent | non-silent]                          port group 1 

On MSFC:                                       interface vlan 1 
interface vlan1                                ip address 10.10.1.2 
ip address 10.10.1.252 255.255.255.0           255.255.255.0 

set port channel all distribution              interface fa0/1 
{ip | mac} [source | destination | both]       port group 1 distribu 

show channel group                             show etherchannel [sum 
show channel cost                              show interfaces ethercha 
show channel 


If you want to set it up, you could certainly connect the 1900 up to the 2900 or 3512XL to experim 
lab. However, be careful with switches, such as the XL series, that do not support PAgP. It is recorr 
to disable the ports on both ends and create the port channel on the XL switch first. Next, create tk 
channel and set the mode on the CatOS box; then you can re-enable the ports. (The rest of this ch. 
the Trouble Tickets do not assume that EtherChannel is configured, however.) 


Other Trunking 


Other trunking methods are beyond the scope of the book, but are important to you if you are usin 
ATM. To enable multiple VLANs to use an FDDI ring, 802.10 encapsulation is available. On the rout 
encapsulation type is sde. On the Catalyst, set the VLAN type to FDDI as you create your VLAN, as 


set vlan vlan# type fddi 


When you create an FDDI VLAN, the switch adds 100,000 to your VLAN number to arrive at a secu 
association identifier (SAID). Verify the SAID with the show vlan command. Catalyst switches als 
LANE and MPOA for ATM trunking. 


Obviously VLANs are great in that they assist with broadcast domains to help localize traffic. Also, ' 
enable you to use more switches and fewer routers. If not set up and managed properly, however, 
result in broken networks. Common issues may include incorrect VTP modes (vanishing VLANs), ac 
access or trunk ports, encapsulation, and STP. 


Managing VLANs 


This section further discusses topics such as STP and VTP and how they affect your VLANs. For 
example, it wasn't too inspiring to lose your VLANs earlier, but it's better to have this happen in 
a lab than in a practical environment. Understanding VTP is critical to your success in supporting 
VLANs. Using the default of every switch being in the VTP server mode is chaotic to say the least. 
At most, only a few switches should be in the VTP server mode with many clients. Alternatively, 
configure them all as transparent mode. You previously learned how to control which VLANs are 
allowed on a trunk. Now you will optimize and control VLANs with pruning. 


NOTE 


An excellent tech note at Cisco.com is www.cisco.com/warp/public/473/103.html. It is 
titled "Best Practices for Catalyst 4000, 5000, and 6000 Series Switch Configuration 
and Management," and that it is. 


STP and VLANs 


The Spanning Tree Protocol was a topic in Chapter 6. However, now that you have looked at 
VLANs, you must go back and revisit how STP works with VLANs in place. The initial release of 
IEEE 802.1Q only specified a single instance of STP. However, Cisco's PVST stands for Per VLAN 
STP, which means just what it says: small spanning trees. With PVST+, Cisco allows PVST and 
Mono Spanning Tree (MST) regions to interoperate. Between PVST and PVST+, the mapping of 
spanning trees is one-to-one. Between MST and PVST+, the MST spanning tree maps to one only 
PVST in the PVST+ region. The default mapping for the Common Spanning Tree (CST) is the 
PVST of VLAN1, which is the native VLAN. MST is actually IEEE 802.1s, which is a form of IEEE 
802.1w (RSTP) that some Catalysts support via the set spantree mode mst and set spantree 
mst ? commands. 


Helpful CatOS spanning tree commands include the following: 


• show spantree ? 
• show spantree mod#/port# 
• show spantree vlan# [active] 
• show spantree summary 
• show spantree blockedports 
• show spantree statistics 

Review the IOS spanning-tree show commands with show spanning-tree ?. Example 7-24 
reviews the shortcut commands for viewing STP on the CatOS. When you do not specify a VLAN, 
the native VLAN1 is assumed. 


Example 7-24. Cisco's PVST 


sw2900>show spant 
VLAN 1 
Spanning tree enabled 
Spanning tree type          ieee 
Designated Root             00-10-ff-e5-14-00 
Designated Root Priority    32768 
Designated Root Cost        0 
Designated Root Port        1/0 
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec 
Bridge ID MAC ADDR          00-10-ff-e5-14-00 
Bridge ID Priority          32768 
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec 
Port      Vlan  Port-State     Cost  Priority  Fast-Start  Group-Method 
1/1       1     forwarding       19        32  disabled 
2/2       1     not-connected   100        32  disabled 
2/3       1     not-connected   100        32  disabled 
2/4       1     not-connected   100        32  disabled 
2/5       1     not-connected   100        32  disabled 
2/6       1     not-connected   100        32  disabled 
2/7       1     not-connected   100        32  disabled 
2/8       1     not-connected   100        32  disabled 
2/9       1     not-connected   100        32  disabled 
2/10      1     not-connected   100        32  disabled 
2/11      1     not-connected   100        32  disabled 
2/12      1     not-connected   100        32  disabled 

sw2900> show spant 10 
VLAN 10 
Spanning tree enabled 
Spanning tree type          ieee 
Designated Root             00-10-ff-e5-14-09 
Designated Root Priority    32768 
Designated Root Cost        0 
Designated Root Port        1/0 
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec 
Bridge ID MAC ADDR          00-10-ff-e5-14-09 
Bridge ID Priority          32768 
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec 
Port      Vlan  Port-State     Cost  Priority  Fast-Start  Group-Method 
1/1       10    forwarding       19        32  disabled 
1/2       10    forwarding       19        32  disabled 
2/1       10    forwarding      100        32  disabled 

sw2900>show spant 20 
VLAN 20 does not exist. 


Example 7-25 illustrates the shortcut commands for viewing STP on the IOS. Note again that 
VLAN1 is the default if not specified. Only a few ports are shown in the output, but remember 
that the interface is the actual interface on the box and the port number in parentheses is the 
way the interface was logically calculated for STP purposes. 


Example 7-25. Cisco's PVST 


sw3512xl#show span 
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol 
  Bridge Identifier has priority 32768, address 00d0.7968.8480 
  Configured hello time 2, max age 20, forward delay 15 
  Current root has priority 32768, address 0010.ffe5.1400 
  Root port is 24, cost of root path is 19 
  Topology change flag not set, detected flag not set, changes 25 
  Times:  hold 1, topology change 35, notification 2 
          hello 2, max age 20, forward delay 15 
  Timers: hello 0, topology change 0, notification 0 
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING 
   Port path cost 19, Port priority 128 
   Designated root has priority 32768, address 0010.ffe5.1400 
   Designated bridge has priority 32768, address 00d0.7968.8480 
   Designated port is 13, path cost 19 
   Timers: message age 0, forward delay 0, hold 0 
   BPDU: sent 26610, received 0 
   The port is in the portfast mode 

sw3512xl#show spanning-tree vlan 10 
Spanning tree 10 is executing the IEEE compatible Spanning Tree protocol 
  Bridge Identifier has priority 32768, address 00d0.7968.8481 
  Configured hello time 2, max age 20, forward delay 15 
  Current root has priority 32768, address 0010.ffe5.1409 
  Root port is 24, cost of root path is 19 
  Topology change flag not set, detected flag not set, changes 15 
  Times:  hold 1, topology change 35, notification 2 
          hello 2, max age 20, forward delay 15 
  Timers: hello 0, topology change 0, notification 0 
Interface Fa0/10 (port 23) in Spanning tree 10 is FORWARDING 
   Port path cost 19, Port priority 128 
   Designated root has priority 32768, address 0010.ffe5.1409 
   Designated bridge has priority 32768, address 00d0.7968.8481 
   Designated port is 23, path cost 19 
   Timers: message age 0, forward delay 0, hold 0 
   BPDU: sent 186213, received 0 

sw3512xl#show spanning-tree vlan 20 
Spanning tree 20 is executing the IEEE compatible Spanning Tree protocol 
  Bridge Identifier has priority 32768, address 00d0.7968.8482 
  Configured hello time 2, max age 20, forward delay 15 
  We are the root of the spanning tree 
  Topology change flag not set, detected flag not set, changes 9 
  Times:  hold 1, topology change 35, notification 2 
          hello 2, max age 20, forward delay 15 
  Timers: hello 0, topology change 0, notification 0 


Show the spanning tree for each VLAN on each switch in your lab to get comfortable with STP 
and VLANs. Look back at Example 6-36 in the preceding chapter to review the STP port states in 
action, and be sure to review the best practices section. Feel free also to repeat any of the STP 
exercises from the preceding chapter with your current configuration. 


It is a common practice to distribute your VLAN traffic across redundant trunk links, and there 
are many ways to accomplish that. Ideally you should plan your root bridges where you can 
using the CatOS set spantree priority pri# [vlan#] command or the IOS spanning-tree 
priority vlan# command and take advantage of Fast or Gigabit EtherChannel. Other STP tuning 
methods include STP path cost (set spantree portvlancost), which works with trunks from the 
same or a different switch and STP port priority (set spantree portvlanpri), which only works 
with both trunks on the same switch. Higher priority is given to lower values, such that a port 
priority of 20 would carry the VLANs over a particular trunk because it is less than the default of 
128. To configure VLAN 100, 102, and 104 to use the fa0/1 trunk under the trunk interface, use 
the following command: 


spanning-tree vlan 100 102 104 port-priority 20 


Whereas the following command would allow the fa0/2 trunk to carry VLAN 101, 103, and 105: 


spanning-tree vlan 101 103 105 port-priority 20 


With the port cost method, the commands are as follows: 


spanning-tree vlan 100 102 104 cost 30 


spanning-tree vlan 101 103 105 cost 30 


On one trunk, for example, you could set this command for all your even VLANs and on another 
trunk, you could set this for all your odd VLANs to help share the load between the trunks. This 
increases throughput capacity and offers fault tolerance for it; if one of the trunks fails, the other 
handles all the traffic. 


Certainly, by now you are comfortable with CatOS and IOS differences, such as the fact that 
anything that starts with spanning-tree is IOS, whereas the CatOS equivalent is set spantree. 
If not, use the help (?) on both platforms and all the CatOS/IOS command tables in Part III of 
this book, "Supporting Ethernet, Switches, and VLANs," to work your way through anything. 


VLAN Trunking Protocol (VTP) 


VTP is a Cisco proprietary Layer 2 multicast messaging protocol that can make VLAN 
administration easy or put you in a state of misery depending on how you look at it. You got a 
taste of that in the chapter scenario with both switches being in the server mode. VTP enables 
you to create a VLAN and have it propagate to other switches within the same domain. VTP 
transmits messages according to the VTP mode. From a practical sense, VTP is what saves you 
and me from going to each and every switch to create VLANs. See Table 7-4 for VTP operating 
modes. 


NOTE 


VTP has nothing to do with encapsulation or trunking; it is a communications protocol 
to distribute VLAN information across a common management domain. VTP messages 
are encapsulated inside of a trunking protocol frame such as ISL or 802.1Q. 


Table 7-4. VTP Modes 


VTP Mode    | Description | Storage 
Server      | Just as it sounds, it sources and listens for VTP messages. Create, modify, and delete VLANs within a management domain. | NVRAM. 
Transparent | Does not source or listen for VTP messages but does propagate those of neighbor switches. Create, modify, and delete VLANs, but they are locally significant to the switch. | NVRAM. 
Client[*]   | Processes and listens for VTP messages. Cannot create, modify, or delete VLANs. | Information is not stored in NVRAM. 

[*] When VTP clients or servers receive a message with the VTP multicast address of 01000ccccccc and a SNAP 
value of hex 2003, they process it according to revision numbers. 


Assign a CatOS-based switch to a VTP domain using the following command: set vtp domain 
vtpname. (It is CASE sEnSiTiVe). This can help divide a large network into smaller management 
domains. The command on an IOS-based switch is vtp domain vtpname in the VLAN database 
mode. 


NOTE 


If you change the domain name on one of the switches to something different and 
create VLAN30 on each switch, VLAN30 is VLAN30 regardless of the VTP name. This is 
true because the VTP domain name is not in the frame, only the number. Remember 
the type of frame here is Ethernet, and the protocols are IP and VTP. 


Now you might be saying to yourself, "I have VLANs but I am not using VTP." Well, I guess that 
is your decision to run around and create the same VLAN on every switch or do everything in the 
transparent mode because you worry about losing your VLANs. For small networks, that actually 
is a pretty good approach. On the other hand, the larger your network, the more rational you 
have to be with automating VLAN propagation by using VTP. This gets into a design issue, 
questioning how far VLANs should sprawl across the topology. Cisco now concurs that flatter is 
not necessarily better, so a given VLAN should not need to exist in very many switches. In this 
chapter, I hope you are experiencing the things that many people tend to experience first on live 
networks. Obviously, that is not the best time to learn VTP. 


NOTE 

Routers do not participate in VTP, so they ignore VTP messages and discard them at 
the router interface. Only trunk-enabled adjacent switches in the server or client mode 
actually pay attention to VTP messages. 


VTP advantages are as follows: 


• VLAN consistency throughout a management domain 
• Less manual configuration for creating and deleting VLANs, but you still need to associate 
  the ports at each device 
• More control and security through a VTP domain name and passwords 
• Limits the extent of VTP message propagation 


Take a few minutes and compare the VTP header in Figure 7-6 to Table 7-5. 


Figure 7-6. Sniffing VTP 

Table 7-5. VTP Header 

ISL      | 802.3 | LLC AAAA03 | SNAP 00000C | VTP 2003 | CRC 
26 bytes | 14    | 3          | 5           |          | 4 

Sniffer clearly displays the Data Link Control (DLC), Logical Link Control (LLC), SNAP, and VTP 
headers. If you want to capture this on your own, remember to turn port monitoring on for the 
trunk and output the data to hosta, where the protocol analyzer is running. Make sure that VTP 
debug events are on and wait for the next VTP log message to appear on the console before you 
stop Sniffer as in Example 7-26. It is also helpful to make sure that you have the correct time 
and that logging and debug time stamps are turned on. 


Example 7-26. Monitoring VTP Messages 


sw3512XL(config)#service timestamps debug datetime localtime msec 
sw3512XL(config)#service timestamps log datetime localtime msec 
sw3512XL(config)#end 
sw3512XL#clear counters 
sw3512XL#clear log 
sw3512xl#debug sw-vlan vtp events 
vtp events debugging is on 
sw3512xl#configure terminal 
sw3512xl(config)#interface fastethernet 0/1 
sw3512xl(config-if)#port monitor fastethernet 0/11 
sw3512xl(config-if)#end 
sw3512xl#show port monitor 
Monitor Port          Port Being Monitored 
FastEthernet0/1       FastEthernet0/11 
sw3512xl#show log 
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) 
    Console logging: level debugging, 332 messages logged 
    Monitor logging: level debugging, 0 messages logged 
    Trap logging: level informational, 67 message lines logged 
    File logging: disabled 
    Buffer logging: level debugging, 332 messages logged 
Log Buffer (4096 bytes): 
ARENT MODE (nc = false) 
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/11 - 
in TRANSPARENT MODE (nc = false) 
sw3512xl#show vlan brief 
VLAN Name                  Status    Ports 
1    default               active    Fa0/1, Fa0/3, Fa0/4, 
                                     Fa0/5, Fa0/6, Fa0/7, Fa0/8, 
                                     Fa0/9, Fa0/10, Gi0/1, Gi0/2 
10   vlan10                active 
20   vlan20                active    Fa0/12, Fa0/12 
1002 fddi-default          active 
1003 token-ring-default    active 
1004 fddinet-default       active 
1005 trnet-default         active 


VTP messages always travel over the default VLAN. Figure 7-6 is an example of a VTP summary 
advertisement. Refer to Table 7-5 for VTP header information and Table 7-6 for VTP message 
types. 


The Summary Pane and DLC header of Figure 7-6 show the destination MAC address of 
01000CCCCCCC. LLC uses AA to indicate that the SNAP header follows. The SNAP header 
includes Cisco as a vendor/OUI with a type of 2003 for VTP. The VTP header includes such fields 
as the protocol version, a message type of 0x01 for the summary advertisement, the 
management domain size and name, any padding, the configuration revision number, the 
updater identity IP address, a time stamp, and an MD5 digest hash value. 
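
The header walk above can be reproduced offline on a captured frame. The following Python is an added example, not code from the book or from Cisco; it decodes a summary advertisement in the field order the text lists and reports when the advertised revision is higher than the local one or the updater is not one you expect. The field widths (32-byte padded domain name, 4-byte revision and updater, 12-byte time stamp, 16-byte digest), the sample frame, and the review() finding names are assumptions of this example.

```python
import ipaddress
import struct

VTP_MULTICAST = bytes.fromhex("01000ccccccc")   # destination MAC named in the text
LLC_SNAP_FOLLOWS = bytes.fromhex("aaaa03")      # LLC AA AA 03: a SNAP header follows
SNAP_CISCO_VTP = bytes.fromhex("00000c2003")    # Cisco OUI plus type 2003
SUMMARY_ADVERT = 0x01
# version, type, followers, domain length, domain name (zero padded),
# configuration revision, updater identity, update time stamp, MD5 digest
SUMMARY_LAYOUT = struct.Struct("!BBBB32sI4s12s16s")
VTP_OFFSET = 14 + 3 + 5                          # 802.3 + LLC + SNAP, as in Table 7-5

# Constructed sample (ISL header and CRC already removed); not a real capture.
SAMPLE_FRAME = (
    VTP_MULTICAST
    + bytes.fromhex("020000000001")              # made-up source MAC
    + bytes.fromhex("0050")                      # 802.3 length: 80 bytes follow
    + LLC_SNAP_FOLLOWS + SNAP_CISCO_VTP
    + bytes.fromhex("01010005")                  # version 1, type 0x01, 0 followers, length 5
    + b"donna".ljust(32, b"\x00")                # management domain name, padded
    + bytes.fromhex("00000007")                  # configuration revision 7
    + bytes([192, 168, 5, 18])                   # updater identity
    + b"021205032547"                            # time stamp, yymmddhhmmss
    + bytes(16)                                  # digest zeroed, not a real MD5
)


def parse_summary(frame):
    """Decode a VTP summary advertisement carried in an 802.3 frame."""
    if len(frame) < VTP_OFFSET + SUMMARY_LAYOUT.size:
        raise ValueError("frame too short for a VTP summary advertisement")
    if frame[:6] != VTP_MULTICAST:
        raise ValueError("destination is not the VTP multicast address")
    if frame[14:17] != LLC_SNAP_FOLLOWS or frame[17:22] != SNAP_CISCO_VTP:
        raise ValueError("LLC/SNAP header does not identify VTP")
    (version, code, followers, name_len, name, revision,
     updater, stamp, digest) = SUMMARY_LAYOUT.unpack_from(frame, VTP_OFFSET)
    if code != SUMMARY_ADVERT:
        raise ValueError(f"message type 0x{code:02x} is not a summary advertisement")
    if name_len > 32:
        raise ValueError("domain name length exceeds the 32-byte field")
    return {
        "version": version,
        "followers": followers,
        "domain": name[:name_len].decode("ascii", "replace"),
        "revision": revision,
        "updater": str(ipaddress.IPv4Address(updater)),
        "timestamp": stamp.decode("ascii", "replace"),
        "md5": digest.hex(),
    }


def review(advert, domain, local_revision, expected_updaters):
    """Compare an advertisement with what this switch should be seeing."""
    if advert["domain"] != domain:               # domain names are case sensitive
        return ["domain-mismatch"]
    findings = []
    if advert["revision"] > local_revision:      # a server or client would request an update
        findings.append("higher-revision")
    if advert["updater"] not in expected_updaters:
        findings.append("unexpected-updater")
    return findings


if __name__ == "__main__":
    advert = parse_summary(SAMPLE_FRAME)
    print(advert)
    print(review(advert, "donna", 1, {"192.168.5.18"}))
```
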


Table 7-6. VTP Message Types 


Message                | Description 
Summary advertisements | Issued by servers and clients every 5 minutes. If higher revision number, the receiving switch issues an advertisement request for the new VLAN information. Fields include version, type, number of subset advertisement messages, domain name length, managed domain name, configuration revision number, updater identity, update time stamp, and MD5 digest. 
Subset advertisements  | Issued due to changes such as creating, suspending, activating, renaming, or changing the MTU of a VLAN. One or more advertisements depending on how many VLANs. 
Advertisement requests | When device hears of higher revision number, it asks for it. 
VTP join messages      | For pruning. 


The command show vtp statistics is used to track VTP activity, as you can verify in Example 7-27. 
You can compare the statistics to the VTP message types in Table 7-6 to see how many of 
each message type have been sent. Keep an eye on the "Number of config digest errors"; unless 
you have other transmit-type errors, it is a good indication that someone is trying to hack in and 
corrupt things. 


Revision numbers are critical in the VTP server mode, but not used in the transparent mode. 
They range from 0 to 2,147,483,648. The set vtp domain name command is a quick way to 
reset the counter to 0 without having to make too many changes. Remember this when you are 
adding new switches into your environment. 


The same version of VTP is needed throughout the management domain. VTP version 2 includes 
such functionality as Token Ring and various consistency checks. You can turn on version 2 with 
the set vtp v2 enable command and verify it with show vtp domain. 


Example 7-27. VTP Statistics on IOS 

sw3512xl>show vtp ? 
  counters  VTP statistics 
  status    VTP domain status 
VTP LOG RUNTIME: Relaying packet received on trunk Fa0/11 - 
in TRANSPARENT MODE (nc = false) 
sw3512xl>show vtp counters 
VTP statistics: 
Summary advertisements received    : 8 
Subset advertisements received     : 4 
Request advertisements received    : 0 
Summary advertisements transmitted : 1 
Subset advertisements transmitted  : 1 
Request advertisements transmitted : 0 
Number of config revision errors   : 0 
Number of config digest errors     : 0 
Number of V1 summary errors        : 0 

VTP pruning statistics: 
Trunk     Join Transmitted  Join Received  Summary advts received from 
                                           non-pruning-capable device 
Fa0/11    1                 0              0 

sw3512xl>show vtp status 
VTP Version                     : 
Configuration Revision          : 
Maximum VLANs supported locally : 254 
Number of existing VLANs        : 
VTP Operating Mode              : Transparent 
VTP Domain Name                 : donna 
VTP Pruning Mode                : Disabled 
VTP V2 Mode                     : Disabled 
VTP Traps Generation            : Disabled 
MD5 digest                      : 0x5F 0xFF 0xAC 0x3D 0xF9 0x1B 0x60 0x4B 
Configuration last modified by 192.168.5.18 at 12-5-02 03:25:47 


Example 7-27 displays the IOS VTP commands, and Example 7-28 illustrates the same for 
CatOS. 


Example 7-28. VTP Statistics on CatOS 


sw2900>show vtp ? 
Show vtp commands: 
show vtp domain          Show VTP domain information 
show vtp help            Show this message 
show vtp statistics      Show VTP statistics 

sw2900>show vtp domain 
Domain Name      Domain Index  VTP Version  Local Mode  Password 
donna            1             2            server      - 

Vlan-count  Max-vlan-storage  Config Revision  Notifications 
6           1023              1                disabled 

Last Updater     V2 Mode   Pruning   PruneEligible on Vlans 
04.0020          disabled  disabled  2-1000 

sw2900>show vtp statistics 
VTP statistics: 
summary advts received          0 
subset advts received           0 
request advts received          0 
summary advts transmitted       255 
subset advts transmitted        1 
request advts transmitted       0 
No of config revision errors    0 
No of config digest errors      0 

VTP pruning statistics: 
Trunk     Join Transmitted  Join Received  Summary advts received from 
                                           non-pruning-capable device 
1/1       0                 0              0 


The Example 7-28 output ends with displaying that the 2900 in the lab is a non-pruning-capable 
device. Just like you need to prune your plants as they grow, you should prune your VLANs, too. 


VTP Pruning 


Bridges and switches are inherently designed to flood multicast or broadcast frames as well as 
frames that they don't know what to do with. With VLANs, however, you can minimize this 
flooding in more ways than one. For example, back in the "Trunking" section, you restricted 
VLANs from crossing a trunk with the CatOS clear trunk vlan# command and the switchport 
trunk allowed or remove command on IOS switches. 

You can also configure VTP pruning so that unless a frame needs to cross a trunk to get to a 
switch belonging to the same VLAN, it doesn't. This is kind of like throwing a bridge into VTP. 
Use the following CatOS commands for pruning: 

• set vtp pruning enable 
• clear vtp pruneeligible vlanrange 
• set vtp pruneeligible vlanrange 
• sh vtp domain (to check pruning results) 


NOTE 


The default VLANs are not pruning-eligible. As previously mentioned, GVRP is the IEEE 
standard way of pruning. 


I have mentioned quite a bit of information on VLANs. Take a few minutes to review some of the 
most important commands back in Table 7-1 and throughout the chapter before you continue. 
You may also find it helpful to review Table 6-7, Catalyst OS and IOS commands, and 
commands from the quick troubleshooting checklists from the preceding chapter, too. 


In summary, there are three main steps for working VLANs: 


1. Define and create a VTP domain: 
set vtp domain name (up to 32 characters, cASE sEnSiTiVe) 
show vtp domain 


Only trunk-connected switches learn the VTP domain, unless of course they were already 
configured with another VTP domain. 


DTP includes the VTP domain name in the trunk negotiation, so two different domain names 
will not trunk. 


Set the mode to server, transparent, or client. However, the domain name is not required if 
in transparent mode. 


2. Create the VLAN. 


3. Associate ports with the VLAN. 


Now that you understand the requirements for intra-VLAN connectivity, I want to spend some 
time with how you can use routers to enable you to communicate from one VLAN to another. 


Inter-VLAN Routing 


There are three different ways to perform inter-VLAN routing. If you have the luxury of an 8500 or 
12000 GSR, assigning an individual port to each VLAN is an optimal solution. If not, you can trunk 
between a switch and a Fast Ethernet router interface by taking advantage of subinterfaces. 
Alternatively, RSMs on Cat5000/5500 or MSFCs on Cat6000/6500 work just fine. This means you a 
inserting a router on a card into a Catalyst slot in which you session into the module number. My lé 
hardware lends itself more toward the router-on-a-stick approach. If you are using one of the othe 
methods, however, you can find some great examples at Cisco.com. 


Router on a Stick 


Figure 7-7 illustrates the router-on-a-stick scenario in which r3 looks like a lollipop coming off of tt 
switch. The "stick" is the physical interface on the router acting as a trunk for the inter-VLAN 
communications. The main fa0/2 interface on the router is divided into logical subinterfaces to facil 
routing between VLANs. Without the subinterfaces, one physical interface would be necessary for e 
VLAN, which works great but certainly does not scale well. 


Figure 7-7. Chapter 7 Scenario (Router on a Stick) 


Use Figure 7-7 as a guide to configure the IP parameters for all switches, routers, and VLANs at thi: 
time (as you see starting in Example 7-29). Also set the default gateway for all the switches to the 


routed interface for VLAN1. 


Example 7-29. Router-on-a-Stick Switch Configuration 


sw3512xl#no debug all 
All possible debugging has been turned off 
sw3512xl#configure terminal 
sw3512xl(config)#ip default-gateway 192.168.5.30 
sw3512xl(config)#interface fastethernet 0/10 
sw3512xl(config-if)#switchport mode trunk 
sw3512xl(config-if)#end 

sw2900> (enable) set ip route ? 
Usage: set ip route <destination> <gateway> [metric] [primary] 
(destination and gateway are IP alias or IP address in 
dot notation: a.b.c.d) 
sw2900> (enable) set ip route 0.0.0.0 192.168.5.30 
Route added. 


Now that the switches are configured to support the router-on-a-stick configuration, configure the 
as in Example 7-30. These subinterfaces are the default gateways you previously configured for yo: 
hosts. 


Example 7-30. Router-on-a-Stick r3 Configuration 


r3(config)#interface fastethernet 2/0.1 
r3(config-subif)#description vlan1 
r3(config-subif)#ip address 192.168.5.30 255.255.255.240 
Configuring IP routing on a LAN subinterface is only allowed if that 
subinterface is already configured as part of an IEEE 802.10 or ISL vLAN. 
r3(config-subif)#encap isl 1 
r3(config-subif)#ip address 192.168.5.30 255.255.255.240 
r3(config-subif)#interface fastethernet 2/0.10 
r3(config-subif)#description vlan 10 
r3(config-subif)#encap isl 10 
r3(config-subif)#ip address 192.168.5.46 255.255.255.240 
r3(config)#interface fastethernet 2/0.20 
r3(config-subif)#description vlan 20 
r3(config-subif)#encap isl 20 
r3(config-subif)#ip address 192.168.5.62 255.255.255.240 
r3(config-subif)#interface fastethernet 2/0 
r3(config-if)#no shut 
r3(config-if)#end 
r3#show ip interface brief 
Interface            IP-Address     OK?  Method  Status                 Protocol 
Serial0/0            unassigned     YES  unset   administratively down  down 
Serial1/7            unassigned     YES  unset   administratively down  down 
FastEthernet2/0      unassigned     YES  unset   up                     up 
FastEthernet2/0.1    192.168.5.30   YES  manual  up                     up 
FastEthernet2/0.10   192.168.5.46   YES  manual  up                     up 
FastEthernet2/0.20   192.168.5.62   YES  manual  up                     up 
r3#copy running-config startup-config 


The initial shaded output just means that you need to configure the ISL encapsulation before configuring
the IP address. Although not required, I think it is easier to troubleshoot later if the VLAN number and
subinterface number match as in the example. Note how I brought all the subinterfaces up
simultaneously by performing a no shut on the main interface.


Don't forget to assign the IP addresses on r1 and r2 as in Example 7-31. Then show the VLANs on r3 to
see the router on a stick in action.


Example 7-31. IP Addresses for r1 and r2


r1(config)#interface ethernet 0
r1(config-if)#ip address 192.168.5.34 255.255.255.240
r1(config-if)#no shut
r1(config-if)#interface serial 1
r1(config-if)#ip address 192.168.5.5 255.255.255.252
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config

r2(config)#interface ethernet 0
r2(config-if)#ip address 192.168.5.50 255.255.255.240
r2(config-if)#no shut
r2(config-if)#interface serial 0
r2(config-if)#ip address 192.168.5.9 255.255.255.252
r2(config-if)#no shut
r2(config-if)#interface serial 1
r2(config-if)#ip address 192.168.5.6 255.255.255.252
r2(config-if)#no shut
r2(config-if)#end
r2#copy running-config startup-config

r2#show ip interface brief
Interface    IP-Address     OK? Method Status                Protocol
Ethernet0    192.168.5.50   YES manual up                    up
Serial0      192.168.5.9    YES manual up                    up
Serial1      192.168.5.6    YES manual up                    up

r1#show ip interface brief
Interface    IP-Address     OK? Method Status                Protocol
Ethernet0    192.168.5.34   YES manual up                    up
Ethernet1    unassigned     YES unset  administratively down down
Serial0      unassigned     YES unset  administratively down down
Serial1      192.168.5.5    YES manual up                    up


Use the show vlan command on r3 as in Example 7-32 to verify your router-on-a-stick scenario at this
time.


Example 7-32. Verifying the VLAN Configuration on the Router on a Stick (r3)


r3>show vlan

Virtual LAN ID: 1 (Inter Switch Link Encapsulation)
   vLAN Trunk Interface: FastEthernet2/0.1
   Protocols Configured:   Address:        Received:   Transmitted:
           IP              192.168.5.30    89          73

Virtual LAN ID: 10 (Inter Switch Link Encapsulation)
   vLAN Trunk Interface: FastEthernet2/0.10
   Protocols Configured:   Address:        Received:   Transmitted:
           IP              192.168.5.46    0           0

Virtual LAN ID: 20 (Inter Switch Link Encapsulation)
   vLAN Trunk Interface: FastEthernet2/0.20
   Protocols Configured:   Address:        Received:   Transmitted:
           IP              192.168.5.62    0           0


All addresses should be assigned at this point. Subnet 192.168.5.0 was used across the serial links to
get 192.168.5.4/30 and 192.168.5.8/30. Just remember that you performed variable-length subnet
masking (VLSM) on subnet 0, so it can't be directly assigned somewhere else.

Now that you have created the VTP domain, set up your VLANs, associated them with the correct ports,
configured the router on a stick, and assigned your IP addresses, perform a little testing. Start your
testing from hosta, which is on VLAN1, and work your way outward as in Example 7-33.


Example 7-33. Testing the Router-on-a-Stick Configuration from hosta


C:\>remark can hosta ping the gateway?
C:\>ping 192.168.5.30
Pinging 192.168.5.30 with 32 bytes of data:
Reply from 192.168.5.30: bytes=32 time<10ms TTL=255
Reply from 192.168.5.30: bytes=32 time<10ms TTL=255
Reply from 192.168.5.30: bytes=32 time<10ms TTL=255
Reply from 192.168.5.30: bytes=32 time<10ms TTL=255
Ping Statistics for 192.168.5.30:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark can hosta ping the 3512xl switch?
C:\>ping 192.168.5.18
Pinging 192.168.5.18 with 32 bytes of data:
Request timed out.
Reply from 192.168.5.18: bytes=32 time<10ms TTL=255
Reply from 192.168.5.18: bytes=32 time<10ms TTL=255
Reply from 192.168.5.18: bytes=32 time<10ms TTL=255
Ping Statistics for 192.168.5.18:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark can hosta ping the 2900 switch?
C:\>ping 192.168.5.19
Pinging 192.168.5.19 with 32 bytes of data:
Reply from 192.168.5.19: bytes=32 time=10ms TTL=60
Reply from 192.168.5.19: bytes=32 time<10ms TTL=60
Reply from 192.168.5.19: bytes=32 time<10ms TTL=60
Reply from 192.168.5.19: bytes=32 time<10ms TTL=60
Ping Statistics for 192.168.5.19:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 10ms, Average = 2ms

C:\>remark can hosta ping r2s0?
C:\>ping 192.168.5.9
Pinging 192.168.5.9 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping Statistics for 192.168.5.9:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark can hosta ping r1s1?
C:\>ping 192.168.5.5
Pinging 192.168.5.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping Statistics for 192.168.5.5:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms


Hosta can ping the default gateway and both switches, but not the other router interfaces. Is there
anything in common with the ping targets that are successful? Can you spot the issue(s) here? Use the
shaded output from the preceding example, Figure 7-7, and your troubleshooting skills to assist you
with spotting the issue as I do in Example 7-34.


Example 7-34. Why Can't You Ping Another VLAN? 


r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.5.32/28 is directly connected, Ethernet0
C       192.168.5.4/30 is directly connected, Serial1

r1#show ip protocols


Hosta can ping its default gateway because it is on the same local subnet. Hosta can ping both switches
because the management interfaces are set to VLAN1. Because hosta does not have a route to get to
other VLANs/subnets, it forwards the packets to its default gateway, which is fa2/0.1 on r3. Although r3
has a route to get to the majority of the other subnets, remember that the Internet Control Message
Protocol (ICMP) packets need to return as well. r1 has two directly connected routes in the routing table,
but no routing protocols or static routes are configured to facilitate communicating from one network to
another. You should configure Open Shortest Path First (OSPF) as the routing protocol to allow
inter-VLAN routing as in Example 7-35.


Example 7-35. Configuring OSPF for Inter-VLAN Routing 


r1#configure terminal
r1(config)#router ospf 7
r1(config-router)#network 192.168.5.0 0.0.0.255 area 7
r1(config-router)#end
r1#copy running-config startup-config

r2(config)#router ospf 7
r2(config-router)#network 192.168.5.0 0.0.0.255 area 7
r2(config-router)#end
r2#copy running-config startup-config

r3(config)#router ospf 7
r3(config-router)#network 192.168.5.0 0.0.0.255 area 7
r3(config-router)#end
r3#copy running-config startup-config


Now use show ip protocols and show ip route to confirm your OSPF configuration as in Example 7-36.


Example 7-36. Verifying OSPF 


r3#show ip protocols
Routing Protocol is "ospf 7"
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: ospf 7
  Routing for Networks:
    192.168.5.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 110)

r3#show ip route
     192.168.5.0/24 is variably subnetted, 5 subnets, 2 masks
C       192.168.5.32/28 is directly connected, FastEthernet2/0.10
C       192.168.5.48/28 is directly connected, FastEthernet2/0.20
O       192.168.5.8/30
           [110/3125] via 192.168.5.34, 00:02:25, FastEthernet2/0.10
O       192.168.5.4/30
           [110/1563] via 192.168.5.34, 00:02:25, FastEthernet2/0.10
C       192.168.5.16/28 is directly connected, FastEthernet2/0.1

r2#show ip route
     192.168.5.0/24 is variably subnetted, 5 subnets, 2 masks
O       192.168.5.32/28 [110/1563] via 192.168.5.10, 00:02:14, Serial0
C       192.168.5.48/28 is directly connected, Ethernet0
C       192.168.5.8/30 is directly connected, Serial0
C       192.168.5.4/30 is directly connected, Serial1
O       192.168.5.16/28 [110/1563] via 192.168.5.10, 00:02:14, Serial0

r1#show ip route
     192.168.5.0/24 is variably subnetted, 5 subnets, 2 masks
C       192.168.5.32/28 is directly connected, Ethernet0
O       192.168.5.48/28 [110/1572] via 192.168.5.6, 00:02:22, Serial1
O       192.168.5.8/30 [110/3124] via 192.168.5.6, 00:02:23, Serial1
C       192.168.5.4/30 is directly connected, Serial1
O       192.168.5.16/28 [110/3125] via 192.168.5.6, 00:02:23, Serial1


Example 7-24 clearly shows the issues to be related to routing. Although the VLAN configurations were
sufficient, keep in mind that each VLAN uses a separate IP subnet. You configured the router to route
the VLAN traffic from one VLAN to another with the router-on-a-stick configuration. However, a routing
protocol or static routes are still required to reach the other networks. Remember that utilities such as
ping work in both directions with ICMP echos and replies; therefore, the packets not only need to know
how to get to the destination, but the destination router needs a route for the return path.
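
The return-path point, and the earlier observation that a router holding only connected routes cannot answer a remote host, can be checked mechanically. This Python sketch is an added example, not code from the book: it loads the interface addresses from Examples 7-30 and 7-31, forwards by longest-prefix match, and reports whether the echo or the reply is dropped and at which device. hosta's own address (192.168.5.17) and the static routes in STATIC are assumptions made for the illustration.

```python
import ipaddress as ip

# Interface addresses as configured in Examples 7-30 and 7-31.
ROUTERS = {
    "r3": ["192.168.5.30/28", "192.168.5.46/28", "192.168.5.62/28"],
    "r1": ["192.168.5.34/28", "192.168.5.5/30"],
    "r2": ["192.168.5.50/28", "192.168.5.9/30", "192.168.5.6/30"],
}
# Assumption: the page does not show hosta's address; .17 is a VLAN1 host address.
HOSTS = {"hosta": ("192.168.5.17/28", "192.168.5.30")}   # (address, default gateway)

# Constructed static routes standing in for what a routing protocol would supply.
STATIC = {
    "r3": [("192.168.5.4/30", "192.168.5.34"), ("192.168.5.8/30", "192.168.5.34")],
    "r1": [("192.168.5.16/28", "192.168.5.46"), ("192.168.5.48/28", "192.168.5.46"),
           ("192.168.5.8/30", "192.168.5.6")],
    "r2": [("192.168.5.16/28", "192.168.5.62"), ("192.168.5.32/28", "192.168.5.62")],
}

# Map every configured address to the device that owns it.
OWNER = {ip.ip_interface(a).ip: name for name, addrs in ROUTERS.items() for a in addrs}
OWNER.update({ip.ip_interface(a).ip: name for name, (a, _gw) in HOSTS.items()})


def build_tables(static=None):
    """Per-device list of (network, next_hop); next_hop None means directly connected."""
    tables = {name: [(ip.ip_interface(a).network, None) for a in addrs]
              for name, addrs in ROUTERS.items()}
    for name, (addr, gateway) in HOSTS.items():
        tables[name] = [(ip.ip_interface(addr).network, None),
                        (ip.ip_network("0.0.0.0/0"), ip.ip_address(gateway))]
    for name, routes in (static or {}).items():
        tables[name] += [(ip.ip_network(net), ip.ip_address(hop)) for net, hop in routes]
    return tables


def lookup(table, dst):
    """Longest-prefix match over one device's routes; None when nothing matches."""
    hits = [route for route in table if dst in route[0]]
    return max(hits, key=lambda route: route[0].prefixlen) if hits else None


def forward(tables, node, dst, max_hops=8):
    """Carry a packet in one direction; return (device reached or None, reason)."""
    for _ in range(max_hops):
        if OWNER.get(dst) == node:
            return node, "delivered"
        route = lookup(tables[node], dst)
        if route is None:
            return None, f"{node} has no route to {dst}"
        hop = dst if route[1] is None else route[1]   # connected: hand off on that subnet
        if hop not in OWNER:
            return None, f"{node} gets no answer from {hop}"
        node = OWNER[hop]
    return None, "hop limit exceeded"


def ping(tables, host, target):
    """The echo must reach the target AND the reply must find its way back."""
    source = ip.ip_interface(HOSTS[host][0]).ip
    reached, why = forward(tables, host, ip.ip_address(target))
    if reached is None:
        return f"echo lost: {why}"
    reached, why = forward(tables, reached, source)
    return "ok" if reached == host else f"reply lost: {why}"


if __name__ == "__main__":
    for label, tables in (("connected routes only", build_tables()),
                          ("with routes added", build_tables(STATIC))):
        print(label)
        for target in ("192.168.5.30", "192.168.5.50", "192.168.5.9", "192.168.5.5"):
            print(f"  ping {target}: {ping(tables, 'hosta', target)}")
```

With connected routes only, the echo to a serial-link address dies at r3, while the echo to r2's Ethernet address arrives and the reply dies at r2: two different failures that look identical as "Request timed out" on hosta.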


Because IP is the only protocol that you are running in this scenario, I chose OSPF as the routing
protocol. Area 0 was not required because there is only one area. Troubleshooting OSPF first requires
that you make sure the lower layers are alright. The show ip route and show ip protocols commands
certainly get you started with routing issues. It is not easy to remember all the commands, but if you
can recall show ip ospf ? and debug ip ospf adj, that certainly will help immensely with
troubleshooting OSPF. For instance, on r3 turn on debug ip ospf adj, clear the OSPF process, and
monitor the activity as in Example 7-37. You can either completely remove OSPF on r3 and put it back
or just clear the OSPF process.


NOTE 


You must use the shortened version of adj for adjacency for this command to work. If you are 
running multiple processes of OSPF on the same box, the clear ip ospf process# command 
enables you to clear them individually (to limit the impact). 


Example 7-37. Monitoring OSPF Adjacency 


r3(config)#no router ospf 7
r3(config)#end
r3#debug ip ospf adj
OSPF adjacency events debugging is on
r3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
r3(config)#router ospf 7
r3(config-router)#network 192.168.5.0 0.0.0.255 area 7
r3(config-router)#end
OSPF: Interface FastEthernet2/0.1 going Up
OSPF: Interface FastEthernet2/0.10 going Up
OSPF: Interface FastEthernet2/0.20 going Up
OSPF: Build router LSA for area 7, router ID 192.168.5.62, seq 0x80000001
r3#copy running-config startup-config
%SYS-5-CONFIG_I: Configured from console by console
OSPF: Rcv hello from 192.168.5.34 area 7 from FastEthernet2/
OSPF: 2 Way Communication to 192.168.5.34 on FastEthernet2/
OSPF: Backup seen Event before WAIT timer on FastEthernet2/
OSPF: DR/BDR election on FastEthernet2/0.10
OSPF: Elect BDR 192.168.5.62
OSPF: Elect DR 192.168.5.34
OSPF: Elect BDR 192.168.5.62
OSPF: Elect DR 192.168.5.34
       DR: 192.168.5.34 (Id)   BDR: 192.168.5.62 (Id)
OSPF: Send DBD to 192.168.5.34 on FastEthernet2/0.10 seq 0x12A opt 0x2 flag 0x7 len 32
OSPF: End of hello processing
OSPF: Rcv DBD from 192.168.5.34 on FastEthernet2/0.10 seq 0x1B13 opt 0x2 flag 0x7 len 32 mtu 1500 state EXSTART
OSPF: First DBD and we are not SLAVE
OSPF: Rcv DBD from 192.168.5.34 on FastEthernet2/0.10 seq 0x12A opt 0x2 flag 0x2 len 92 mtu 1500 state EXSTART
OSPF: NBR Negotiation Done. We are the MASTER
OSPF: Send DBD to 192.168.5.34 on FastEthernet2/0.10 seq 0x12B opt 0x2 flag 0x3 len 52
OSPF: Database request to 192.168.5.34
OSPF: sent LS REQ packet to 192.168.5.34, length 36
OSPF: Rcv DBD from 192.168.5.34 on FastEthernet2/0.10 seq 0x12B opt 0x2 flag 0x0 len 32 mtu 1500 state EXCHANGE
OSPF: Send DBD to 192.168.5.34 on FastEthernet2/0.10 seq 0x12C opt 0x2 flag 0x1 len 32
OSPF: Rcv DBD from 192.168.5.34 on FastEthernet2/0.10 seq 0x12C opt 0x2 flag 0x0 len 32 mtu 1500 state EXCHANGE
OSPF: Exchange Done with 192.168.5.34 on FastEthernet2/0.10
OSPF: Synchronized with 192.168.5.34 on FastEthernet2/0.10, state FULL
OSPF: Build router LSA for area 7, router ID 192.168.5.62, seq 0x80000006
OSPF: Rcv hello from 192.168.5.50 area 7 from FastEthernet2/0.20 192.168.5.50
OSPF: End of hello processing
OSPF: Rcv hello from 192.168.5.34 area 7 from FastEthernet2/0.10 192.168.5.34
Dec 5 03:08:29.991: OSPF: Neighbor change Event on interface FastEthernet2/0.10
Dec 5 03:08:29.991: OSPF: DR/BDR election on FastEthernet2/0.10
Dec 5 03:08:29.991: OSPF: Elect BDR 192.168.5.62
Dec 5 03:08:29.991: OSPF: Elect DR 192.168.5.34
Dec 5 03:08:29.991:        DR: 192.168.5.34 (Id)   BDR: 192.168.5.62 (Id)
Dec 5 03:08:29.991: OSPF: End of hello processing
Dec 5 03:08:35.599: OSPF: Rcv hello from 192.168.5.50 area 7 from FastEthernet2/0.20 192.168.5.50
r3#undebug all


Example 7-37 reviews the hello exchange and election process for the designated router/backup
designated router (DR/BDR). Because all the correct information was previously in your routing table,
there isn't much troubleshooting to do here. However, always confirm adjacency and neighbors when
you suspect OSPF routing issues. Look at your neighbors in Example 7-38.


Example 7-38. Verifying Your OSPF Neighbors 


r3#show ip ospf neighbor detail
 Neighbor 192.168.5.34, interface address 192.168.5.34
    In the area 7 via interface FastEthernet2/0.10
    Neighbor priority is 1, State is FULL, 6 state changes
    DR is 192.168.5.34 BDR is 192.168.5.46
    Options 2
    Dead timer due in 00:00:34
 Neighbor 192.168.5.50, interface address 192.168.5.50
    In the area 7 via interface FastEthernet2/0.20
    Neighbor priority is 1, State is INIT, 1 state changes
    DR is 192.168.5.50 BDR is 0.0.0.0
    Options 0
    Dead timer due in 00:00:30


Now that you have verified your routing protocols and routing tables, continue to test the chapter
scenario. Confirm connectivity from hosta to the other hosts and the serial links between the routers
in Example 7-39. Also determine the path taken. No matter what you are testing, ping and trace are
the most basic tools to get you out of the toughest situations. Example 7-39 clearly displays how hosta
can successfully ping the other hosts and remote networks. All pings and tracerts should be successful at
this point. Continue to troubleshoot if that is not the case.


Example 7-39. Testing from hosta 


Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>remark can hosta ping hostb?
C:\>ping 192.168.5.49
Pinging 192.168.5.49 with 32 bytes of data:
Request timed out.
Reply from 192.168.5.49: bytes=32 time<10ms TTL=127
Reply from 192.168.5.49: bytes=32 time<10ms TTL=127
Reply from 192.168.5.49: bytes=32 time<10ms TTL=127
Ping Statistics for 192.168.5.49:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark can hosta ping hostc?
C:\>ping 192.168.5.33
Pinging 192.168.5.33 with 32 bytes of data:
Reply from 192.168.5.33: bytes=32 time<10ms TTL=127
Reply from 192.168.5.33: bytes=32 time<10ms TTL=127
Reply from 192.168.5.33: bytes=32 time<10ms TTL=127
Reply from 192.168.5.33: bytes=32 time<10ms TTL=127
Ping Statistics for 192.168.5.33:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>remark can hosta ping r2s0?
C:\>ping 192.168.5.9
Pinging 192.168.5.9 with 32 bytes of data:
Reply from 192.168.5.9: bytes=32 time=20ms TTL=254
Reply from 192.168.5.9: bytes=32 time=10ms TTL=254
Reply from 192.168.5.9: bytes=32 time=10ms TTL=254
Reply from 192.168.5.9: bytes=32 time=10ms TTL=254
Ping Statistics for 192.168.5.9:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 20ms, Average = 12ms

C:\>remark can hosta ping r1s1?
C:\>ping 192.168.5.5
Pinging 192.168.5.5 with 32 bytes of data:
Reply from 192.168.5.5: bytes=32 time=10ms TTL=254
Reply from 192.168.5.5: bytes=32 time=10ms TTL=254
Reply from 192.168.5.5: bytes=32 time=10ms TTL=254
Reply from 192.168.5.5: bytes=32 time=10ms TTL=254
Ping Statistics for 192.168.5.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 10ms, Average = 10ms


Notice in Example 7-40 how in all cases, tracert illustrates that r3 VLAN1 192.168.5.30 is the first hop.
All VLAN traffic passes through the router on a stick to its gateway; this is fine if the traffic is not
overwhelming. A separate router with multiple ports or an RSM/MSFC is a much more scalable solution
to routing inter-VLAN traffic.


Example 7-40. Testing the Packet Path 


C:\>tracert 192.168.5.49
Tracing route to HOSTB [192.168.5.49]
over a maximum of 30 hops:
  1   <10 ms   <10 ms   <10 ms  192.168.5.30
  2   <10 ms   <10 ms   <10 ms  HOSTB [192.168.5.49]
Trace complete.

C:\>tracert 192.168.5.33
Tracing route to HOSTC [192.168.5.33]
over a maximum of 30 hops:
  1   <10 ms   <10 ms   <10 ms  192.168.5.30
  2   <10 ms   <10 ms   <10 ms  HOSTC [192.168.5.33]
Trace complete.

C:\>tracert 192.168.5.9
Tracing route to 192.168.5.9 over a maximum of 30 hops
  1   <10 ms   <10 ms   <10 ms  192.168.5.30
  2    10 ms    20 ms    10 ms  192.168.5.9
Trace complete.

C:\>tracert 192.168.5.5
Tracing route to 192.168.5.5 over a maximum of 30 hops
  1   <10 ms   <10 ms   <10 ms  192.168.5.30
  2   <10 ms   <10 ms   <10 ms  192.168.5.50
  3    10 ms    20 ms    10 ms  192.168.5.5
Trace complete.


Router Blades (RSM/MSFC) 


One or more RSM/MSFCs can be inserted into a modular type of switch, such as the Cat5000 or 
Cat6000. This is like inserting a router blade with its own memory and IOS into the switch as a line 
module. 


NOTE 


Although the CatOS devices automatically write the configuration to NVRAM for the main 
Supervisor module, this is not the case with the other modules, such as an RSM or MSFC, so 
remember to save your configurations at all times. 


To configure the RSM/MSFC, enter the session 15 command to take you to the router command-line
interface (CLI). The result of the session mod# command is that it opens a telnet session across the
backplane. The destination address is 127.0.0.slot# plus one. For example, slot 2 uses 127.0.0.3, and
slot 3 uses 127.0.0.4. Alternatively, use the console port.


Unlike the router-on-a-stick configuration, RSMs/MSFCs do not use subinterfaces for VLANs. Instead,
virtual interfaces are used, such as interface vlan 1 or interface vlan 2. Because they are interfaces,
you need to remember to issue a no shut on them. View the status of them using show interface vlan
1 or show interface vlan 2. To create the VLANs on the Supervisor module, just issue the command
set vlan vlan# ports.


NOTE 


As far as troubleshooting RSM/MSFCs, remember they are routers on cards. Commands that
you have used over and over, such as ping, trace, debug ip icmp, debug ip packet, and so
on, can be used again.


Hot Standby Router Protocol (HSRP) 


HSRP is used in the practical environment for default gateway redundancy and can be used to take
advantage of many paths to a given destination. Hellos are sent out to 224.0.0.2, which is the all
routers' multicast address. The UDP port is 1985. The basic components of HSRP include an active
router, standby router, and a virtual router. The virtual router is what is configured on the hosts for the
default gateway. The virtual router points to the active router when it is available. However, the standby
router takes over after three missed hellos to the active router.


So, how do elections work in HSRP? The preemption process allows the router with the highest priority
to take over after three missed hellos. The default priority is 100, and if priorities are the same, the
tiebreaker is the highest IP address. The preempt delay feature allows the router time to populate its
routing table before taking over. Use the following command where the group number is configurable
depending on your hardware:


standby group# priority priority# preempt delay #ofseconds


When using HSRP with VLANs, consider divvying them up to help share the load. You might have
separate routers, a chassis with two Supervisor cards, or two separate boxes with a Supervisor each for
redundancy. Because there is no redundancy in the chapter scenario right now, use Example 7-41 to
assist you with the steps of how to configure HSRP in a practical environment. The first part of the
example illustrates the commands on one router and the second part on a redundant router. Any host
of course would use the virtual address.


Example 7-41. Configuring HSRP with VLANs 


RouterA Configuration
RouterA(config)#interface vlan 100
RouterA(config-if)#ip address 10.10.100.3 255.255.255.0
RouterA(config-if)#standby 100 priority 120 preempt delay 5
RouterA(config-if)#standby 100 ip 10.10.100.1
RouterA(config)#interface vlan 101
RouterA(config-if)#ip address 10.10.101.2 255.255.255.0
RouterA(config-if)#standby 101 ip 10.10.101.1

RouterB Configuration
RouterB(config)#interface vlan 100
RouterB(config-if)#ip address 10.10.100.2 255.255.255.0
RouterB(config-if)#standby 100 ip 10.10.100.1
RouterB(config)#interface vlan 101
RouterB(config-if)#ip address 10.10.101.3 255.255.255.0
RouterB(config-if)#standby 101 priority 120 preempt delay 5
RouterB(config-if)#standby 101 ip 10.10.101.1
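
A consistency check for a pair of HSRP peers, written here as an added example (not the book's code): it parses the two configurations from Example 7-41, applies the election rule described above (highest priority, then highest IP address), and flags a virtual IP that differs between peers or falls outside the interface subnet, and a higher-priority router that lacks preempt. The function names and the finding texts are this example's own.

```python
import ipaddress as ip

# The two halves of Example 7-41, without the CLI prompts.
ROUTER_A = """
interface vlan 100
 ip address 10.10.100.3 255.255.255.0
 standby 100 priority 120 preempt delay 5
 standby 100 ip 10.10.100.1
interface vlan 101
 ip address 10.10.101.2 255.255.255.0
 standby 101 ip 10.10.101.1
"""
ROUTER_B = """
interface vlan 100
 ip address 10.10.100.2 255.255.255.0
 standby 100 ip 10.10.100.1
interface vlan 101
 ip address 10.10.101.3 255.255.255.0
 standby 101 priority 120 preempt delay 5
 standby 101 ip 10.10.101.1
"""


def parse(config):
    """Return {group: settings} for every standby group in one router's config.

    Assumes each HSRP interface also carries an 'ip address' line.
    """
    groups, iface = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            iface = {"addr": None}                      # start a new interface context
        elif words[:2] == ["ip", "address"] and iface is not None:
            iface["addr"] = ip.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:1] == ["standby"] and iface is not None:
            group = groups.setdefault(int(words[1]), {
                "iface": iface, "vip": None,
                "priority": 100, "preempt": False})      # 100 is the default priority
            if words[2] == "ip":
                group["vip"] = ip.ip_address(words[3])
            if "priority" in words:
                group["priority"] = int(words[words.index("priority") + 1])
            group["preempt"] = group["preempt"] or "preempt" in words
    return groups


def review(cfg_a, cfg_b, names=("RouterA", "RouterB")):
    """Per group: (router expected to be active, list of findings)."""
    a, b = parse(cfg_a), parse(cfg_b)
    report = {}
    for group in sorted(a.keys() | b.keys()):
        if group not in a or group not in b:
            report[group] = (None, ["group configured on one peer only"])
            continue
        peers, findings = (a[group], b[group]), []
        if peers[0]["vip"] != peers[1]["vip"]:
            findings.append("virtual IP differs between peers")
        for name, peer in zip(names, peers):
            if peer["vip"] is not None and peer["vip"] not in peer["iface"]["addr"].network:
                findings.append(f"{name}: virtual IP outside interface subnet")
        # Highest priority wins; equal priorities fall back to the highest interface IP.
        rank = [(peer["priority"], peer["iface"]["addr"].ip) for peer in peers]
        win = 0 if rank[0] > rank[1] else 1
        if rank[0][0] != rank[1][0] and not peers[win]["preempt"]:
            findings.append(f"{names[win]} lacks preempt and will not reclaim the active role")
        report[group] = (names[win], findings)
    return report


if __name__ == "__main__":
    for group, (active, findings) in review(ROUTER_A, ROUTER_B).items():
        print(f"group {group}: expected active {active}; findings: {findings or 'none'}")
```

For the configuration as printed, RouterA is expected to be active for group 100 and RouterB for group 101, which is the load split the text recommends.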


Use the following commands to assist you with troubleshooting HSRP issues: 


• show standby ?
• standby debug and debug condition standby ?


NOTE 
The standards-based HSRP is Virtual Router Redundancy Protocol (VRRP). 


To gain better performance for larger networks, Cisco offers multiple route switch technologies. 


Route Switch Technologies 


Layer 3 switching is routing any way you look at it. Devices used to be more clearly 
defined—bridges and switches were Layer 2 hardware-based devices, and routers were Layer 3 
devices that performed their operations in software. That is history. However, you may hear 
others talk about routing switches and switching routers. 


Routing switches are more Layer 2-oriented with some upper-layer functionality. They use 
hardware to route, but generally don't run routing protocols. Switching routers are primarily 
Layer 3 devices that can also switch, and do run routing protocols. Either way, hardware
application-specific integrated circuits (ASICs) are used for switching speed and performance. 
Routers are not as slow as they once were, so this is really a moot point. 


Routing and switching are both very important concepts that allow the hierarchical design for 
campus networks. Many internetworking devices today not only provide rich Layer 2 and Layer 3 
functionality, but also upper-layer features to allow for making security and quality of service 
(QoS) decisions. 


Traditional routing uses destination-based packet forwarding according to the Layer 3 header 
addresses. The frame passes from hop to hop according to the best path, which is normally some 
function of bandwidth depending on the routing protocol. By adding a NetFlow Feature Card 
(NFFC) and enabling multilayer switching (MLS), the Cat5000 can shortcut the process and 
rewrite the frame header similar to the router. Just as Layer 3 devices shortcut on IP addresses,
Layer 4 devices can shortcut on port values. Shortcuts at other upper layers are often referred to 
as Application Layer switching. 


Cisco Express Forwarding (CEF) 


Back in Chapter 1, "Shooting Trouble," the basics of routing and switching were covered. You
reviewed how routers route to the destination network address and that they buffer and switch 
packets from the inbound interface to the outbound interface within the router. Performance is 
definitely affected by the switching type, but switching types have certainly improved over the 
years. 


Fast switching (ip route-cache) has been the default and available since the 10.x code. The 
router does a route table lookup for the first packet toward a destination and caches it so that it 
doesn't have to do a route table lookup on each and every packet. If a router actually performs a 
route table lookup on each and every packet, you can imagine the overhead. This is called 
process switching and is used when you perform such tasks as debug commands. CEF is a 
switching type whereby even the first packet gets cached because the switching is performed in 
hardware. 


CEF switching (ip route-cache cef) is now the default and has been available since the 11.x 
code. In higher-end models, such as the Cisco 12000 GSR routers and Catalyst 6500 switches 
with MSFC-2 cards, CEF is the default switching type. In the lower-end routers, CEF is an 
optional switching type and is done in software rather than hardware. You can enable CEF 
globally and then turn it off on any interfaces that are running features that may interfere with 
CEF with the following commands: 


ip cef
interface e0
 no ip route-cache cef


CEF uses a Forwarding Information Base (FIB) to make longest match destination-based
switching decisions. Think of this as somewhat like the routing table for switching decisions.
Each FIB entry points to its Layer 2 rewrite information in the adjacency table. You can read the
FIB with the show mls entry cef command, view the contents of the adjacency table with show
mls entry cef adjacency, and clear the adjacency table with clear adjacency. There is nothing
to turn CEF on or off in its hardware-based form. However, no ip cef disables CEF switching
globally in software. Use show ip cef ipaddr and show adjacency [detail] for troubleshooting.
To see which packets were dropped or not forwarded by CEF, issue the show cef
[dropped | not-cef-switched] command. Distributed CEF (dCEF) synchronizes the line cards to
the adjacency table on the route processor; therefore, clear adjacency clears all. If you need to
just clear the CEF information on a line card, use clear cef linecard slot#? instead.


NOTE 


Like fast switching, CEF by default uses per-destination-based load sharing. However,
you can change the default in CEF with the ip load-sharing [per-packet] [per-destination]
interface command. If you disable CEF, the next fastest switching type
takes over, which is fast switching.


Multilayer Switching (MLS) 


MLS is a book in itself, as previously mentioned, but Cisco provides this route switch technology 
on such platforms as their Cat5000 and 6000 (and now 4000). The 5000 uses the NFFC and the 
6000 uses the MSFC along with a PFC. 


MLS is a caching technique where the feature card remembers actions taken by the router to 
shortcut the router the next time. MLS does not take a Layer 2 device and turn it into a router; 
but it is an advanced form of switching that caches the Layer 3 information. 


Multilayer Switching Protocol (MLSP) packets are hello packets sent out by the router. On a
Cat5000, for example, this is how the NFFC learns about MLS-capable routers and their MAC
addresses. The NFFC identifies candidate packets. It is able to do this based on pattern-matching
routines as it looks for packets destined to the MAC addresses gleaned from the hellos. The NFFC
identifies enable packets so that it has all the information necessary to rewrite the Layer 2
header as the router did for the first packet. The NFFC shortcuts future packets by rewriting the
header itself instead of forwarding it to the router. It also has to decrement and test time to live
(TTL) and recalculate the IP header checksum. Basically, the first packet in a flow is sent to the
router/Layer 3 engine for a routing decision. If the frame is returned to the switch for forwarding
(the destination is reached through another of the switch ports), the switch finishes creation of
the cache entry and all other frames are forwarded by the switch without having to go to the
Layer 3 engine.
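
The shortcut just described can be modelled in a few lines. This Python sketch is an added example, not Cisco's implementation or code from the book: a toy cache learns a flow from the candidate packet and the router's enable packet, then rewrites later frames itself, decrementing and testing TTL and recomputing the IPv4 header checksum. The MAC addresses, the (source IP, destination IP) flow key, and all function and class names are assumptions made for the illustration.

```python
import socket
import struct


def checksum(header):
    """RFC 1071 checksum over an IPv4 header; 0 means the stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, ttl):
    """Constructed 20-byte IPv4 header (protocol 1, no options) with a valid checksum."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]


def l3_rewrite(frame, smac, dmac):
    """The per-hop rewrite: new MAC addresses, TTL minus one, fresh header checksum."""
    header = bytearray(frame["ip"])
    header[8] -= 1                        # TTL is byte 8 of the IPv4 header
    header[10:12] = b"\x00\x00"           # zero the old checksum before recomputing
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return {"smac": smac, "dmac": dmac, "ip": bytes(header)}


class FlowCache:
    """Toy shortcut cache keyed on (source IP, destination IP)."""

    def __init__(self, router_mac):
        self.router_mac = router_mac      # learned from the router's hellos
        self.candidates = set()           # flows seen on their way to the router
        self.entries = {}                 # flow -> (smac, dmac) taken from the enable packet

    @staticmethod
    def key(frame):
        return frame["ip"][12:16], frame["ip"][16:20]

    def from_host(self, frame):
        """Frame arriving on a host port: returns (verdict, frame to send on)."""
        if frame["dmac"] != self.router_mac:
            return "bridged", frame       # same-VLAN traffic stays at Layer 2
        flow, ttl = self.key(frame), frame["ip"][8]
        if flow in self.entries and ttl > 1:
            return "shortcut", l3_rewrite(frame, *self.entries[flow])
        if flow not in self.entries:
            self.candidates.add(flow)     # candidate packet: the router decides
        return "to_router", frame         # also taken when TTL would expire

    def from_router(self, frame):
        """Frame returned by the router: an enable packet completes the entry."""
        flow = self.key(frame)
        if frame["smac"] == self.router_mac and flow in self.candidates:
            self.entries[flow] = (frame["smac"], frame["dmac"])
            self.candidates.discard(flow)
        return frame


if __name__ == "__main__":
    ROUTER, HOSTA, HOSTB = "00:00:0c:00:00:01", "00:00:00:aa:aa:aa", "00:00:00:bb:bb:bb"
    cache = FlowCache(ROUTER)
    first = {"smac": HOSTA, "dmac": ROUTER,
             "ip": ipv4_header("192.168.5.17", "192.168.5.49", 128)}
    print(cache.from_host(first)[0])                      # first packet goes to the router
    cache.from_router(l3_rewrite(first, ROUTER, HOSTB))   # router's copy comes back
    verdict, out = cache.from_host(first)                 # same flow again
    print(verdict, "TTL", out["ip"][8], "checksum ok:", checksum(out["ip"]) == 0)
```

A frame whose TTL is 1 is never shortcut: it is handed to the router, which is the device that can answer with an ICMP time-exceeded message.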


MLS relies on hardware caching to basically shortcut routing, whereas switching routers such as
the Cat8500 rely on hardware to perform router functions. A Reduced Instruction Set Computer
(RISC)-based CPU handles routing protocols, and intelligent line cards do CEF table lookup and
forwarding functions. VLAN features are not directly supported on the 8500s. This is where the
ever so popular 6000 series comes into play.


This chapter's scenario exposed you to VLANs and other related features in a step-by-step 
practical approach. Make sure you save all configurations and repeat any steps on which you 
need more practice. As you proved with the lab work, routers bring flexibility and scalability to 
VLANs. 


Shooting Trouble with VLANs 


This section is for you if you have ever whispered to yourself, "Where the heck are my VLANs?"
Actually, the entire chapter is for you. Shooting trouble with VLANs requires that you understand
Physical and Data Link Layer targets as well as normal switch and router operations. A physical
and logical map is not just something nice to have. It is so important that I want you to take
time now to draw a Layer 2 and Layer 3 map of your environment as it is. My drawings are in
Figure 7-8 and Figure 7-9.


Figure 7-8. Chapter 7 Physical Map (VLANs) 

Figure 7-9. Chapter 7 Logical Map (VLANs) 

[Figure content: r3 subinterfaces fa2/0.1, fa2/0.10, and fa2/0.20 serve the three VLANs.] 

VLAN     Subnet             Hosts    Broadcast 
VLAN1    192.168.5.16/28    17-30    31 
VLAN10   192.168.5.32/28    33-46    47 
VLAN20   192.168.5.48/28    49-62    63 


Now that you have your maps, make sure you have copies of the configuration on your routers 
and switches. 


Regardless of the issue, you must continue to follow a consistent methodology, such as those 
suggested in the first part of the book, to assist you in isolating fault domains. It is probably not 
a bad idea to go back and review the Ethernet and switch beginning checklists and ending 
sections on shooting trouble. They all allude to the fact that interfaces (ports) are the main Data 
Link Layer targets. However, VLAN-to-VLAN communications involve routing, so it would be to 
your advantage to go back and review the routing chapter as well. Look at your pictures and 
other documentation to assist with end-to-end troubleshooting. 


As with anything else, you may have a software or hardware bottleneck. Know the limitations of 
your transport and your devices. Use your CCO account on Cisco.com to assist with specific error 
messages and to take a look at sample configurations. Again, all of this systematic 
troubleshooting relates back to the OSI model. Do you have power? Are the power supply and 
fans running? Are devices turned on? Do they have link lights? Green means go. Check Layer 2 
encapsulations, speed, and duplex settings. How about your route tables? Is there any filtering 
that is blocking what you are trying to do? Just keep moving up the stack. 


With VLANs in particular, beware of adding new switches and the results of the default VTP 
server mode. Use some of the diagnostic commands, such as the following: 

• show cdp neighbors 
• show ip interface brief 
• show vlan 
• show vlan brief 
• show vtp ? 
• show spanning-tree / show spantree 
• show interface / show port 
• show arp 
• show ip cache (show ip cef / show adjacency) 
• show vlan statistics 


The debug vlan packet command displays only packets with a VLAN ID that the router is not 
configured to support. This is good for address and encapsulation issues. Issue debug span ? 
and compare to the CatOS show spantree to view STP bridge protocol data units (BPDUs) in 
action. Alternatively, experiment with the set trace commands in CatOS, which are not the 
same as but appear to resemble debug in IOS. Again, practice a limited amount of safe debug in 
a practical environment. 


Once again it is time for the chapter Trouble Tickets. The plan here is to give you several things 
to do, let you make mistakes and fix some things on your own, and to introduce other problems 
that you should have some experience with as a support person. 


Trouble Tickets 


Complete the following trouble tickets in order. Use the information and tools from this chapter 
and the previous chapters to analyze, test, and document as you go. Feel free to create your 
own Physical Layer or other problems if you need more practice in that area. Sample solutions 
are provided after this section. 


Trouble Ticket 1 


Review the VTP and VLAN configurations of both switches in their current state. Use the reload 
command on the 3512XL IOS device and the reset system command on the 2900 CatOS box to 
perform a warm boot of them. Do you anticipate any VLAN issues? 


Trouble Ticket 2 


Configure hosta or the 3512XL so that it will monitor the activity of port fa0/3 to fa0/5. Turn on 
Sniffer Pro. Create VLAN30 and associate it with port fa0/3 to fa0/5 on the 3512XL, but do not 
allow it to cross the trunk to the 2900. Show the VLAN database. 


Trouble Ticket 3 


Erase the configuration on the 3512XL. What is the impact on your VLAN environment? 


Trouble Ticket 4 


Paste your backup file to reload the configuration on the 3512XL. 


Trouble Ticket 5 


Change the 3512XL to VTP server mode with a domain name of donna. Create VLAN400 and 500 
on the 3512XL. Clear the configuration on the 2900. Reset the 2900 and analyze the results. 


Trouble Ticket 6 


Verify that hosta and hostc can telnet to r3. Show the configuration of r3 so that you can review 
the router-on-a-stick configuration once again. Configure an access list to only allow hosta to 
telnet to r3. Verify that other devices can still ping and trace r3. Remove the ACL after your 
testing. 


Trouble Ticket 7 


Change the password and perform a password recovery on the CatOS 2900 switch. Perform the 
same for the 3512XL IOS switch. 


Trouble Tickets Solutions 


These solutions are not always the only way to perform these tasks. Compare your results or use 
them as guidelines to help you get started. Keep in mind that your exact results may vary 
according to your hardware and software. 


Trouble Ticket 1 Solution 


This trouble ticket gives you an opportunity to review VLANs and the effect of VTP. Use the show 
vtp status and show vlan commands on the 3512XL IOS box as in Example 7-42. The show vtp 
domain, show vtp statistics, and show vlan commands should give you the same type of 
information on the 2900 CatOS box. 


Example 7-42. IOS VTP Status 


sw3512xl#show vtp status 
VTP Version : 2 
Configuration Revision : 0 
Maximum VLANS supported locally : 254 


Number of existing VLANs ee 

VTP Operating Mode : Transparent 
VTP Domain Name : donna 
VTP Pruning Mode : Disabled 
VTP V2 Mode : Disabled 
sw3512xl#show vlan 
VLAN Name                             Status    Ports 
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/6, 
                                                Fa0/7, Fa0/8, Fa0/9, Gi0/1, 
                                                Gi0/2 
10   vlan10                           active 
20   vlan20                           active    Fa0/2, Fa0/12 
100  VLAN0100                         active    Fa0/5 
200  vlan200                          active 

sw2900> (enable) show vtp domain 
Domain Name  Domain Index  VTP Version  Local Mode  Password 
donna        1             2            server      - 
Vlan-count  Max-vlan-storage  Config Revision  Notifications 
7           1023              2                disabled 

Last Updater V2 Mode Pruning PruneEligible on Vlans 

192° 3163:.:51.19 disabled disabled 2-1000 

sw2900> (enable) show vtp statistics 

VTP statistics: 

summary advts received 0 

subset advts received 0 

request advts received 0 

summary advts transmitted 600 

subset advts transmitted Z 

request advts transmitted 0 

No of config revision errors 0 

No of config digest errors 0 

VTP pruning statistics: 
Trunk  Join Transmitted  Join Received  Summary advts received from 
                                        non-pruning-capable device 


Ly 0 1 0 


sw2900> (enable) show vlan 


VLAN Name       Status  IfIndex  Mod/Ports, Vlans 
1    default    active  5        2/2-12 
10   vlan10     active  10       1/2 
                                 2/1 
100 VLANO100 active pel 


After the warm system boots, you really shouldn't notice much difference—assuming you saved 
your configurations before you reloaded the boxes. You should notice some informational DTP 
messages in your log, such as the following, as the devices reload their configurations: 


sw2900> (enable) %DTP-5-TRUNKPORTON:Port 1/1 has become isl trunk 
%DTP-5-NONTRUNKPORTON:Port 1/1 has become non-trunk 
%DTP-5-TRUNKPORTON:Port 1/1 has become isl trunk 
%DTP-5-NONTRUNKPORTON:Port 1/1 has become non-trunk 
%DTP-5-TRUNKPORTON:Port 1/1 has become isl trunk 


Compare the summary advertisements in Example 7-43 to the example prior to the reset. They 
increased because the 2900 switch is in the default VTP server mode. 


Example 7-43. Summary Advertisements 


sw2900> (enable) show vtp statistics 


VTP statistics: 


summary advts received 0 
subset advts received 0 
request advts received 0 
summary advts transmitted 603 
subset advts transmitted 5 
request advts transmitted 0 
No of config revision errors 0 
No of config digest errors 0 


Turning off the 3512XL that was in VTP transparent mode was not detrimental to the other switch 
in the server mode or vice versa in this example. When the 3512 came back up, the shaded DTP 
message appeared to show the ISL trunk status between the two switches. Transparent mode 
means that the VLANs are local to the switch. The 3512 knew about VLAN10 and 20 before, and it 
still does. 


Trouble Ticket 2 Solution 


Port monitoring on a switch requires a little more effort on your part for setup, which in some 
ways is a level of security in itself. Example 7-44 illustrates configuring the activity of ports fa0/3, 
fa0/4, and fa0/5 to be monitored by interface fa0/1. 


Example 7-44. Port Monitoring on the 3512XL (IOS) 


sw3512xl#show port monitor 
sw3512xl#configure terminal 
sw3512xl(config)#interface fastethernet 0/1 
sw3512xl(config-if)#port monitor fa0/3 
sw3512xl(config-if)#port monitor fa0/4 
sw3512xl(config-if)#port monitor fa0/5 
FastEthernet0/1 and FastEthernet0/5 are in different vlan 
sw3512xl(config-if)#end 


You might or might not get a message similar to the shaded output in Example 7-44. However, 
the problem is that interface fa0/5 is in VLAN100, as you can see in Example 7-45. You can also 
remove VLAN100 if you didn't already. 


Example 7-45. Clearing Extraneous VLANs 


sw3512xl#show vlan brief 
VLAN Name                             Status    Ports 
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/6, 
                                                Fa0/7, Fa0/8, Fa0/9, Gi0/1, 
                                                Gi0/2 
10   vlan10                           active 
20   vlan20                           active    Fa0/2, Fa0/12 
100  VLAN0100                         active    Fa0/5 
sw3512xl#vlan database 
sw3512xl(vlan)#no vlan 100 
Deleting VLAN 100... 
sw3512xl(vlan)#exit 
APPLY completed. 
Exiting.... 
sw3512xl#configure terminal 
sw3512xl(config)#interface fastethernet 0/1 
sw3512xl(config-if)#port monitor fa0/5 
FastEthernet0/1 and FastEthernet0/5 are in different vlan 


There are still issues because the port did not automatically go back to the default VLAN1 
assignment. Fix that and configure port monitoring as planned (see Example 7-46). 


Example 7-46. Port Monitoring on the 3512XL (IOS) 


sw3512xl(config-if)#interface fastethernet 0/5 
sw3512xl(config-if)#no switchport access vlan 
sw3512xl(config-if)#switchport access vlan 1 
sw3512xl(config-if)#no shut 
sw3512xl#show interface fastethernet 0/5 switchport 
Name: Fa0/5 
Switchport: Enabled 
Administrative mode: static access 
Operational Mode: static access 
Administrative Trunking Encapsulation: isl 
Operational Trunking Encapsulation: isl 
Negotiation of Trunking: Disabled 
Access Mode VLAN: 1 (default) 
Trunking Native Mode VLAN: 1 (default) 
Trunking VLANs Enabled: NONE 
Pruning VLANs Enabled: NONE 
sw3512xl#configure terminal 
sw3512xl(config)#interface fastethernet 0/1 
sw3512xl(config-if)#port monitor fa0/5 
sw3512xl(config-if)#end 


Next, you should create VLAN30 and assign the ports to be monitored (fa0/3 to 5) to this VLAN as 
in Example 7-47. 


Example 7-47. Creating VLAN30 


sw3512xl#vlan database 
sw3512xl(vlan)#vlan 30 name vlan30 
VLAN 30 added: 
    Name: vlan30 
sw3512xl(vlan)#exit 
APPLY completed. 
Exiting.... 
sw3512xl(config)#interface fastethernet 0/3 
sw3512xl(config-if)#switchport access vlan 30 
FastEthernet0/3 is being monitored 
sw3512xl(config-if)#interface fastethernet 0/4 
sw3512xl(config-if)#switchport access vlan 30 
FastEthernet0/4 is being monitored 
sw3512xl(config-if)#interface fastethernet 0/5 
sw3512xl(config-if)#switchport access vlan 30 
FastEthernet0/5 is being monitored 
sw3512xl(config-if)#end 
sw3512xl#show vlan 
VLAN Name                             Status    Ports 
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5, 
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9, 
                                                Gi0/1, Gi0/2 
10   vlan10                           active 
20   vlan20                           active    Fa0/2, Fa0/12 
30   vlan30                           active 


VLAN 30 is active, but the ports do not display because you are monitoring them. Because the 
switch is in VTP transparent mode, there is no other configuration for you to perform to keep this 
VLAN local to the switch. 


For the last part of this Trouble Ticket, you were asked to display the VLAN database (see Example 
7-48). 


Example 7-48. Displaying the VLAN Database (IOS) 


sw3512xl#vlan database 
sw3512xl(vlan)#show 
VLAN ISL Id: 1 
Name: default 
Media Type: Ethernet 
VLAN 802.10 Id: 100001 
State: Operational 
MTU: 1500 
VLAN ISL Id: 10 
Name: vlan10 
Media Type: Ethernet 
VLAN 802.10 Id: 100010 
State: Operational 
MTU: 1500 
VLAN ISL Id: 20 
Name: vlan20 
Media Type: Ethernet 
VLAN 802.10 Id: 100020 
State: Operational 
MTU: 1500 

VLAN ISL Id: 30 
Name: vlan30 
Media Type: Ethernet 
VLAN 802.10 Id: 100030 
State: Operational 
MTU: 1500 

VLAN ISL Id: 1002 
Name: fddi-default 
Media Type: FDDI 
VLAN 802.10 Id: 101002 
State: Operational 
MTU: 1500 
Bridge Type: SRB 
Ring Number: 0 

VLAN ISL Id: 1003 
Name: token-ring-default 
Media Type: Token Ring 
VLAN 802.10 Id: 101003 
State: Operational 
MTU: 1500 
Bridge Type: SRB 
Ring Number: 0 

VLAN ISL Id: 1004 
Name: fddinet-default 
Media Type: FDDI Net 
VLAN 802.10 Id: 101004 
State: Operational 
MTU: 1500 
STP Type: IEEE 

VLAN ISL Id: 1005 
Name: trnet-default 
Media Type: Token Ring Net 
VLAN 802.10 Id: 101005 
State: Operational 
MTU: 1500 


STP Type: IBM 


Trouble Ticket 3 Solution 


Erasing the configuration on the 3512 XL does not appear to clear the VLANs in Example 7-49. 
However, deleting the vlan.dat file and reloading the router does the trick in Example 7-50. 


Example 7-49. Erasing the Configuration Does Not Clear the VLANs 


sw3512xl#write erase 

[OK] 

sw3512xl#reload 

System configuration has been modified. Save? [yes/no]: n 

Proceed with reload? [confirm] 

%SYS-5-RELOAD: Reload requested 
sw2900> (enable) %DTP-5-NONTRUNKPORTON:Port 1/1 has become non-trunk 
%DTP-5-TRUNKPORTON:Port 1/1 has become isl trunk 
%DTP-5-NONTRUNKPORTON:Port 1/1 has become non-trunk 
%DTP-5-TRUNKPORTON:Port 1/1 has become isl trunk 


Example 7-50. Deleting the vlan.dat File to Completely Clear the VLANs 


Switch#dir flash: 


Directory of flash: 


2 drwx 13888 Mar O1, 1993; 0030525: ‘html 
4    -rwx        7196   Mar 01 1993 00:24:15  vlan.dat 
5    -rwx     1273530   Mar 01 1993 00:02:49  c3500XL-c3h2s-mz-112.8.2-SA6.bin 
6    -rwx       82475   Mar 01 1993 00:03:29  c3500XL-hdiag-mz_8_1.SA6 
224  -rwx         342   Mar 01 1993 00:04:40  env_vars 
226  -rwx           0   Mar 01 1993 01:08:37  config.text 


3612672 bytes total (1545216 bytes free) 
Switch#del flash:vlan.dat 


Delete filename [vlan.dat]? 


Delete flash:vlan.dat? [confirm] 
Switch#reload 
Proceed with reload? [confirm] 


%SYS-5-RELOAD: Reload requested 


-.-.done Initializing C3500XL flash. 
C3500XL POST: System Board Test: Passed 
C3500XL POST: CPU Buffer Test: Passed 
C3500XL POST: CPU Notify RAM Test: Passed 
C3500XL POST: CPU Interface Test: Passed 
C3500XL POST: Testing Switch Core: Passed 
C3500XL POST: Testing Buffer Table: Passed 
C3500XL POST: Data Buffer Test: Passed 


C3500XL POST: Configuring Switch Parameters: Passed 


C3500XL POST: Ethernet Controller Test: Passed 

C3500XL POST: MII Test: Passed 

cisco WS-C3512-XL (PowerPC403) processor (revision 0x01) with 8192K/1024K bytes of 
memory. 

Processor board ID 0x16, with hardware revision 0x00 

Last reset from warm-reset 


Processor is running Enterprise Edition Software 


C3500XL INIT: Complete 
Switch>enable 
Switch#show vlan 


VLAN Name                             Status    Ports 
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, 
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8, 
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12, 
                                                Gi0/1, Gi0/2 
1002 fddi-default                     active 
1003 token-ring-default               active 
1004 fddinet-default                  active 
1005 trnet-default                    active 


The 2900 did not lose VLANs as a result of this; however, the trunk port between the 3512 and the 
2900 is obviously not working now. 


Trouble Ticket 4 Solution 


I suppose I could have had you do this prior to wiping out the configuration on the 3512XL in the 
preceding Trouble Ticket, but sometimes when you forget to do something like that, it helps you to 
always remember to do it in the future. If you didn't save your preceding configuration file, you 
should create a backup file as in Example 7-51. If you have problems pasting, insert the 
appropriate modes into the file and use your terminal emulation program (SecureCRT Transfer 
function) to transmit the file in (because sometimes there are inconsistencies when you just paste 
the VLANs into a configuration). 


Example 7-51. Creating a Backup Configuration File for the 3512XL 


!!!begin paste 

service timestamps debug datetime msec localtime 
service timestamps log datetime msec localtime 
hostname sw3512XL 
enable secret donna 

interface VLAN1 

ip address 192.168.5.18 255.255.255.240 
interface FastEthernet0/1 

description sw3512xl fa0/1 to hosta 

speed 100 

duplex full 

port monitor FastEthernet0/3 

port monitor FastEthernet0/4 


port monitor FastEthernet0/5 


port monitor FastEthernet0/11 


spanning-tree portfast 

no shut 

interface FastEthernet0/2 
description sw3512xl fa0/2 to hostb 
speed 10 

duplex half 


switchport access vlan 20 


spanning-tree portfast 

no shut 
interface FastEthernet0/3 

no shut 
interface FastEthernet0/4 

no shut 
interface FastEthernet0/5 

no shut 
interface FastEthernet0/10 
description sw3512xl fa0/10 to r3 fa2/0 
speed 100 

duplex full 

switchport mode trunk 

no shut 

interface FastEthernet0/11 
description sw3512xl fa0/11 to sw2900 1/1 
speed 100 

duplex full 

switchport mode trunk 

no shut 

interface FastEthernet0/12 
description sw3512xl fa0/12 to r2e0 
duplex half 

switchport access vlan 20 

no shut 

ip default-gateway 192.168.5.30 

no logging console 


line con 0 


logging synchronous 
stopbits 1 
line vty 0 4 
password donna 
login 
line vty 5 15 
login 
end 


!!!end paste 


Trouble Ticket 5 Solution 


Hopefully, after the last Trouble Ticket you remembered to back up your configuration files before 
you started. Example 7-52 shows the TFTP server backup for both switches. 


Example 7-52. Copying the Configurations to a TFTP Server 


sw3512XL#copy run tftp 

Source filename [running-config]? 

Destination IP address or hostname []? 192.168.5.17 
Destination filename [running-config]? sw3512xl-vlans 


Building configuration... 


1603 bytes copied in 0.351 secs 


sw2900> (enable) write network 
IP address or name of remote host? 192.168.5.17 
Name of configuration file? sw2900-vlans 


Upload configuration to sw2900-vlans on 192.168.5.17 (y/n) [n]? y 


Finished network upload. (8795 bytes) 


sw2900> (enable) 


Now that the configurations are backed up, change the VTP domain name to donna, change the 
VTP mode to server, and create VLAN400 and 500 on the 3512XL as in Example 7-53. 


Example 7-53. VTP and VLAN Configuration on the 3512 XL (IOS) 


sw3512xl#vlan database 
sw3512xl(vlan)#vtp domain donna 
Changing VTP domain name from NULL to donna 
sw3512xl(vlan)#vtp server 
Setting device to VTP SERVER mode. 
sw3512xl(vlan)#vlan 400 name vlan400 
VLAN 400 added: 
    Name: vlan400 
sw3512xl(vlan)#vlan 500 name vlan500 
VLAN 500 added: 
    Name: vlan500 
sw3512xl(vlan)#exit 
APPLY completed. 
Exiting.... 


Display the VLANs on both the IOS and CatOS boxes to compare the results as in Example 7-54. 


Example 7-54. Comparing the VLANs on Both Boxes 


sw3512XL#show vlan 
VLAN Name                             Status    Ports 
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5, 
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9, 
                                                Gi0/1, Gi0/2 
10   vlan10                           active 
20   vlan20                           active    Fa0/2, Fa0/12 
30   vlan30                           active 
400  vlan400                          active 
500  vlan500                          active 
sw2900> (enable) 
VLAN Name       Status  IfIndex  Mod/Ports, Vlans 
1    default    active  28       2/2-12 
10   vlan10     active  33       1/2 
                                 2/1 
20   vlan20     active  35 
30   vlan30     active  36 
400  vlan400    active  i 
500  vlan500    active  38 


Notice how the 2900 automatically picked up all the VLANs from the 3512XL because both devices 
are in the VTP server mode. Next, clear the configuration on the 2900 as in Example 7-55. 


Example 7-55. Clearing the Configuration on the 2900 


sw2900> (enable) clear config all 


This command will clear all configuration in NVRAM. 


This command will cause ifIndex to be reassigned on the next system startup. 


Do you want to continue (y/n) [n]? y 


System configuration cleared. 


Console> (enable) reset system 


When the 2900 resets, compare the VLANs again. You should find that the 3512XL VTP server 
mode box maintains everything it had before you reset the 2900 and that the 2900 obviously has 
no VLANs except for the default reserved ones. This scenario did not wipe out the VLANs on the 
3512XL because when you cleared the configuration on the 2900, you also reset the domain 
name, which also resets the VTP versioning. You can prove this by issuing the show vtp domain 
and show vtp statistics commands, if you like. 


Use the TFTP server to get your configuration back for the 2900 (configure network). Do this for 
experience in a lab such as this, but you will be fighting these two boxes forever with both of them 
being in VTP server mode. What I suggest at this point is leaving the VLANs as they are on the 
3512XL. Bring the configuration back from the TFTP server and change the VTP mode on the 2900 
to VTP client so that it will learn what it needs from the VTP server. Feel free to remove VLAN30, 
400, and 500 from the VTP server. See Example 7-56 to compare the ending VLAN databases. 


Example 7-56. Correcting the VLAN Issues 


sw2900> (enable) configure network 
sw2900> (enable) set vtp mode client 
VTP domain donna modified 
sw2900> (enable) show vlan 
VLAN Name       Status  IfIndex  Mod/Ports, Vlans 
1    default    active  5        2/2-12 
10   vlan10     active  24       1/2 
                                 2/1 
20   vlan20     active  22 
30   vlan30     active  23 
sw3512XL>show vlan 
VLAN Name                             Status    Ports 
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5, 
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9, 
                                                Gi0/1, Gi0/2 
10   vlan10                           active 
20   vlan20                           active    Fa0/2, Fa0/12 


Test your new VTP configuration through the same ping tests you used back in Example 7-39 to 
make sure things are working. Save all of your ending configurations to the TFTP server as 
r1-vlans, r2-vlans, r3-vlans, sw3512xl-vlans, and sw2900-vlans. Also, save them as a file named 
chapter 7 ending configs using a terminal emulation program such as SecureCRT or HyperTerm. 


The point here is "VLAN wipeout." It is a great idea to fool with VLANs and VTP in a lab 
environment with every possible combination. In a practical environment, the default server mode 
is not the best default for all your switches. Another word of caution: If you replace a Supervisor 
module with a new one that has a higher revision number, you could (you will) delete all your 
existing VLANs. Make sure you reset the revision number for the Supervisor module before you 
insert it. An easy way to do this is to just reset the VTP domain name. 
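
The revision-number caution above can be turned into a pre-insertion check. The following is an added example, not code from the book: it parses constructed `show vtp status` (IOS) and `show vtp domain` (CatOS) text and reports whether the incoming switch would overwrite the production VLAN database. The function names and the candidate's revision value 14 are assumptions.

```python
"""Pre-insertion VTP check: would this switch overwrite the production VLAN database?"""

# Constructed sample of IOS `show vtp status` from a switch about to be installed.
# Field names follow Example 7-42; the revision value 14 is invented for the demo.
CANDIDATE_IOS = """\
VTP Version                     : 2
Configuration Revision          : 14
Maximum VLANs supported locally : 254
VTP Operating Mode              : Server
VTP Domain Name                 : donna
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
"""

# Constructed sample of CatOS `show vtp domain` for the production switch, using the
# values shown for sw2900 in Example 7-42 (domain donna, server mode, revision 2).
PRODUCTION_CATOS = """\
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
donna                            1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
7          1023             2               disabled
"""


def parse_ios_vtp_status(text):
    """Parse IOS `show vtp status` output, which is a list of "Field : value" lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return {
        "domain": fields.get("vtp domain name", ""),
        "mode": fields.get("vtp operating mode", "").lower(),
        "revision": int(fields.get("configuration revision", "0")),
    }


def row_after(lines, header_start):
    """Return the split data row that follows a CatOS header line (skips dash rulers)."""
    for i, line in enumerate(lines):
        if line.strip().startswith(header_start):
            for row in lines[i + 1:]:
                if row.strip() and not set(row.strip()) <= set("- "):
                    return row.split()
    return []


def parse_catos_vtp_domain(text):
    """Parse CatOS `show vtp domain` output, which is header rows over value rows."""
    lines = text.splitlines()
    dom = row_after(lines, "Domain Name")
    rev = row_after(lines, "Vlan-count")
    # Value row: [name] index version mode password; the name is absent if no domain is set.
    name = dom[0] if len(dom) == 5 else ""
    mode = dom[-2].lower() if len(dom) >= 4 else ""
    return {"domain": name, "mode": mode, "revision": int(rev[2]) if len(rev) >= 3 else 0}


def assess_insertion(candidate, production):
    """Return (verdict, reason) for trunking `candidate` into the `production` VTP domain."""
    if candidate["mode"] == "transparent":
        return "ok", "transparent mode: the candidate keeps its VLANs local"
    # A switch with no domain name adopts the one it hears, so treat it as a match.
    if candidate["domain"] not in ("", production["domain"]):
        return "ok", "domain names differ: advertisements are ignored"
    if candidate["revision"] > production["revision"]:
        return "wipeout", (
            "candidate revision %d beats production revision %d: reset it by changing "
            "the VTP domain name, or use transparent mode, before connecting"
            % (candidate["revision"], production["revision"]))
    return "ok", "candidate revision is not higher: it learns the production VLANs"


if __name__ == "__main__":
    cand = parse_ios_vtp_status(CANDIDATE_IOS)
    prod = parse_catos_vtp_domain(PRODUCTION_CATOS)
    print(cand, prod, assess_insertion(cand, prod), sep="\n")
```

The check treats client mode the same as server mode, because a client carrying a higher revision in the same domain also advertises its database once the trunk comes up.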


Trouble Ticket 6 Solution 


You should have performed the telnet from the command prompt on hosta and hostc. It should 
have been successful. If not, you have a little more work than I intended for the Trouble Ticket. 
Example 7-57 shows the router-on-a-stick portion of the configuration. 


Example 7-57. Router-on-a-Stick Configuration 


hostname r3 


interface FastEthernet2/0 

description r3 fa2/0 to sw3512xl fa0/10 
no ip address 

no ip directed-broadcast 

speed 100 


full-duplex 


interface FastEthernet2/0.1 

description vlanl 

encapsulation isl 1 

ip address 192.168.5.30 255.255.255.240 
no ip redirects 


no ip directed-broadcast 


interface FastEthernet2/0.10 

description vlan 10 

encapsulation isl 10 

ip address 192.168.5.46 255.255.255.240 
no ip redirects 


no ip directed-broadcast 


interface FastEthernet2/0.20 

description vlan 20 

encapsulation isl 20 

ip address 192.168.5.62 255.255.255.240 
no ip redirects 


no ip directed-broadcast 


router ospf 7 


network 192.168.5.0 0.0.0.255 area 7 


end 


Example 7-58 illustrates the access list configuration to only allow hosta to telnet to r3. 


Example 7-58. ACL Configuration 


r3(config)#access-list ? 
  <1-99>       IP standard access list 
  <100-199>    IP extended access list 
  <1000-1099>  IPX SAP access list 
  <1100-1199>  Extended 48-bit MAC address access list 
  <1200-1299>  IPX summary address access list 
  <1300-1999>  IP standard access list (expanded range) 
  <200-299>    Protocol type-code access list 
  <2000-2699>  IP extended access list (expanded range) 
  <300-399>    DECnet access list 
  <400-499>    XNS standard access list 
  <500-599>    XNS extended access list 
  <600-699>    Appletalk access list 
  <700-799>    48-bit MAC address access list 
  <800-899>    IPX standard access list 
  <900-999>    IPX extended access list 
  rate-limit   Simple rate-limit specific access list 
r3(config)#access-list 1 ? 
  deny    Specify packets to reject 
  permit  Specify packets to forward 
r3(config)#access-list 1 permit ? 
  Hostname or A.B.C.D  Address to match 
  any                  Any source host 
  host                 A single host address 
r3(config)#access-list 1 permit 192.168.5.17 
r3(config)#access-list 1 deny any log 
r3(config)#line vty 0 4 
r3(config-line)#access-class 1 ? 
  in   Filter incoming connections 
  out  Filter outgoing connections 
r3(config-line)#access-class 1 in 
r3(config-line)#end 
r3#copy running-config startup-config 


Now test out the ACL as in Example 7-59. 


Example 7-59. ACL Testing 


sw3512xl#telnet 192.168.5.30 
Trying 192.168.5.30 ... 
% Connection refused by remote host 
sw3512xl#ping 192.168.5.30 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.5.30, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms 
sw3512xl#trace 192.168.5.30 
Type escape sequence to abort. 
Tracing the route to 192.168.5.30 
  1 192.168.5.30 0 msec 18 msec * 


Hosta can still successfully telnet to r3. When another host or device attempts to telnet to r3, it 
should fail. Hostc says, "Could not open a connection to 192.168.5.30." The 2900 says "Unable to 
connect," and the 3512XL says, "Connection refused by remote host." Finally, remember to 
remove the access list as in Example 7-60. Depending on the IOS version, you may need to 
remove the individual lines of code applied to the interface, too. 


Example 7-60. Removing the ACL 


r3(config)#no access-list 1 

r3 (config) #end 

r3#copy running-config startup-config 
r3#show access-lists 


r3# 
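

An added audit example, not code from the book, for the vty restriction in Examples 7-58 through 7-60: it evaluates standard ACL entries the way the router does (first match wins, implicit deny at the end) and reports, per `line vty` range, which source addresses pass and whether an `access-class` points at an ACL that no longer exists. The `line vty 5 15` block on r3 and the function names are assumptions.

```python
import ipaddress
import re

# Constructed r3 fragment: ACL 1 and the vty 0 4 lines are from Example 7-58; the
# extra "line vty 5 15" block is an assumption (same layout as in Example 7-51).
R3_WITH_ACL = """\
access-list 1 permit 192.168.5.17
access-list 1 deny   any log
line vty 0 4
 access-class 1 in
 login
line vty 5 15
 login
"""

# Constructed fragment after "no access-list 1" alone (Example 7-60), assuming the
# access-class statement is still present under the line.
R3_ACL_REMOVED = """\
line vty 0 4
 access-class 1 in
 login
"""


def parse_source(spec):
    """Turn the source part of a standard ACL entry into (address, wildcard) integers."""
    tok = spec.split()
    if tok[0] == "any":
        return (0, 0xFFFFFFFF)
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0)
    wild = 0  # a bare address means an exact host match
    if len(tok) > 1 and tok[1] != "log":
        wild = int(ipaddress.IPv4Address(tok[1]))
    return (int(ipaddress.IPv4Address(tok[0])), wild)


def acl_permits(entries, src):
    """First matching entry decides; no match falls through to the implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for action, (addr, wild) in entries:
        if (s | wild) == (addr | wild):  # wildcard bits are "don't care"
            return action == "permit"
    return False


def parse_config(text):
    """Collect standard ACLs and the inbound access-class of every `line vty` block."""
    acls, vtys, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        acl = re.match(r"access-list (\d+) (permit|deny)\s+(.+)", line)
        vty = re.match(r"line vty (\d+)(?: (\d+))?", line)
        cls = re.match(r"access-class (\S+) in\b", line)
        if acl:
            num = int(acl.group(1))
            if 1 <= num <= 99 or 1300 <= num <= 1999:  # standard ranges only
                entry = (acl.group(2), parse_source(acl.group(3)))
                acls.setdefault(acl.group(1), []).append(entry)
        elif vty:
            last = vty.group(2) or vty.group(1)
            current = {"name": "vty %s %s" % (vty.group(1), last), "acl_in": None}
            vtys.append(current)
        elif line.startswith("line "):
            current = None  # console or aux line, not a vty
        elif cls and current is not None:
            current["acl_in"] = cls.group(1)
    return acls, vtys


def audit_vty(text, probes):
    """Return (vty range, status, allowed probe sources) for each vty block."""
    acls, vtys = parse_config(text)
    report = []
    for v in vtys:
        if v["acl_in"] is None:
            # No source-address filter at all on this range.
            report.append((v["name"], "unfiltered", list(probes)))
        elif v["acl_in"] not in acls:
            # Referenced ACL is gone; the result depends on the IOS version, so flag it.
            report.append((v["name"], "dangling", None))
        else:
            allowed = [p for p in probes if acl_permits(acls[v["acl_in"]], p)]
            report.append((v["name"], "filtered", allowed))
    return report


if __name__ == "__main__":
    probes = ["192.168.5.17", "192.168.5.18"]  # hosta and the 3512XL
    for row in audit_vty(R3_WITH_ACL, probes) + audit_vty(R3_ACL_REMOVED, probes):
        print(row)
```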


Trouble Ticket 7 Solution 


See Appendix B, "Troubleshooting Resources," for the solution. 


You have completed the chapter Trouble Tickets when you feel comfortable with the tasks 
assigned and the various scenarios throughout the chapter. Review or experiment in the areas 
where you need more help. Understanding and troubleshooting in a simple environment is 
certainly the foundation for understanding more complex protocols and technologies. Check your 
understanding with the chapter review questions. 


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1: Compare ISL to 802.1Q. 


2: Can you change the management VLAN? 

3: Why should you use a separate management VLAN? 

4: What does a transparent mode-configured Catalyst do with a VTP update message? 

5: You incorrectly associated port 8 with VLAN8, so you issue the following command: 
clear vlan 8 to clear the port from VLAN8 and back to the default VLAN1. However, 
the port status is still showing as inactive. How can you fix this issue? 

6: The lab technician was nice enough to give you his switch to replace a production 
switch that you were having problems with. He quickly clears all the VLANs on the 
switch and hands it over to you. When you plug the switch into your network, you 
quickly realize that all your other VLANs disappear. Where did you go wrong? Is 
there anything you can do to avoid such issues? 

7: You want to verify that you configured portfast on the 3512XL port fa0/2. How can 
you accomplish this? 

8: Routing provides connectivity, whereas trunking provides 
connectivity. 

9: There are three major steps for working VLANs. What are they? 

10: Can VLANs assist with people trying to Sniff the network? 

11: In a router-on-a-stick configuration, as in the chapter scenario, what would you 
expect to be the first hop if hosta were to tracert to hostc? 


Summary 


Shooting trouble with VLANs is no different from anything else. Always have a methodical plan. 
Know your devices and how to maneuver the CatOS and IOS. Understand routing and switching 
processes. Beware of autonegotiation of speed, duplex, trunking, and so on. Create backups. Be 
prepared for vanishing VLANs if you didn't take the appropriate VTP design up front. Know your 
VTP modes. Have physical and logical maps handy and use them to help you troubleshoot not 
only complex end-to-end problems, but simple issues, too. Isolate problem domains. Use your 
tools. 


Many things that used to be performed on routers are now performed on switches with router 
blades. Although many switches are usable the minute you take them out of the box, they are 
obviously a little more optimal if configured for the environment. Switching and VLAN targets are 
still ports and interfaces. Don't assume too much. For example, don't just try another cable or 
another port; try a known good one. 


This chapter reviewed real-world intra- and inter-VLAN communication advantages, 
disadvantages, and issues. The important topics included addressing, gateways, VTP, routing, 
and probably the one you recall the best: vanishing VLANs. The next two chapters focus on 
troubleshooting WAN issues to continue to build your troubleshooting skills. 


Part IV: Supporting the WAN 


Chapter 8 Shooting Trouble with Frame Relay 


Chapter 9 Shooting Trouble with HDLC, PPP, ISDN BRI, and Dial 
Backup 


Chapter 8. Shooting Trouble with Frame 
Relay 


Frame Relay is a Layer 2 edge technology whereby frames travel from your routers (DTE 
devices) through a series of Frame Relay switches to get to the proper destination. At the edge 
of enterprise and service provider networks, these switches are DCE devices, although this varies 
within the clouds. Frame is one of those technologies that is not only available in the United 
States, but also worldwide. The service can be carrier provided or privately owned and is a cost- 
effective alternative to leased lines. 


This chapter begins the WAN focus of this book with shooting Frame Relay troubles. It gives 
practical application to a number of objectives falling under the CCNP support guidelines and 
more. Use familiar Cisco commands and problem isolation techniques to build the chapter 
scenarios and resolve the Trouble Tickets. This chapter assumes you have a good understanding 
of protocol characteristics and a methodical troubleshooting mindset. 

With supporting the WAN, many times the battle is deciding whether the problem is in fact yours 
or whether it is a service provider issue. You will analyze real-world Frame Relay issues including 
Layer 2 and Layer 3 addressing and issues related to LMI, data-link connection identifier (DLCI) 
assignments, mapping statements, routing protocols, and so on. Continue to identify targets and 
document the results using ping, trace, show, clear, debug, and other troubleshooting 
commands and utilities. To gain practical experience, you may follow the many figures and 
examples in this chapter or use my guidelines to build it yourself. 


This chapter covers the following topics: 


• Scenario: Shooting Trouble with Frame Relay 
• A Brief History of Frame Relay 
• Frame Relay Frames 
• Frame Relay Addressing 
• Frame Relay at the Physical Layer 
• Shooting Trouble with Frame Relay 
• Trouble Tickets 
• Trouble Ticket Solutions 


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table 1-1 in the Introduction. 


Scenario: Shooting Trouble with Frame Relay 


In the WAN world, it is always easy to blame things on someone else. Therefore, it is important to 
bit about what happens in the cloud and on the user ends so that you can narrow down the probler 
whether it is your problem, someone else's problem or a service provider issue. The goal in this firs 
to configure Frame Relay in a hybrid back-to-back configuration using r1, r2, and r3, as in Figure 8


Figure 8-1. Shooting Trouble with Frame Relay (Hybrid Back-to-Back Tc 
[Figure 8-1 labels, left to right: r3 s0/0 (ip add 192.168.5.10, encap frame, no sh); r2 s0 (encap frame, frame intf-type dce, frame local-dlci 108, no sh); r2 s1 (encap frame, frame intf-type dce, frame local-dlci 104, no sh); r1 s1 (ip add 192.168.5.5, encap frame, no sh)]


As always, there is not always one right or wrong way to achieve this task or tasks presented. The 
obtain the end result using good practices is extremely important in any real-world network. My 

troubleshooting and device configurations are presented starting in Example 8-1 so that you can cc 
work and perhaps see a different approach to obtaining the end result. Use the previous checklists, 
by-step troubleshooting methodology, and the Frame Relay checklist in Table 8-1 to assist in testir 


Table 8-1. Frame Relay Quick Troubleshooting Checklist 


Isolating Problems | Comn Symp
Check IP address, subnet mask, and routing protocols. All of these are Layer 3 or above that ride on top of Frame Relay. Keep in mind that many routing protocols are multicast/broadcast, but Frame Relay is NBMA[*]. | ping; trace; show proto; show
Check interface status and encapsulation. If the point-to-point PVC[**] is active, for example, line protocol for the subinterface is up. | show interf; show serial
Are you communicating with the provider? | show relay
Are your DLCIs active? | show relay; show relay; clear relay
Look at PVC statistics. Monitor the Frame traffic. | show relay
Verify the route statements on the frame switch. | show relay
Watch the interface communications. | debug interf
Watch the LMI[†] handshake. | debug relay
Watch the packets received. | debug relay
Watch the packets sent. | debug relay

[*] NBMA = nonbroadcast multiaccess
[**] PVC = permanent virtual circuit
[†] LMI = Local Management Interface


Back-to-Back Frame Relay 


A Frame Relay back-to-back configuration can be quite helpful in a testing environment once you g 
Refer to Cisco.com for assistance with a true back-to-back external link Frame Relay solution using 
want you to use sort of a hybrid back-to-back situation for testing where r2 acts as a pseudo frame 
do Example 8-1. It is a good idea to confirm that things are not broken to begin with if you are star
existing configurations. Back-to-back frame is tricky enough, however, so I want you to erase the
configurations on the three routers and configure back-to-back frame from the beginning. 
Configure the routers starting with r2 first because it is acting as a back-to-back hub device for the 
routers (see Figure 8-1 and Example 8-1). For now just configure the bare-bones configuration wit 
descriptions or passwords to concentrate on this Layer 2 technology in action. In a practical enviro 
obviously should be a requirement. 


Example 8-1. Configuring r2 as a Pseudo Frame Switch 


Router(config)#hostname r2
r2(config)#frame-relay switching
r2(config)#interface serial 0
r2(config-if)#bandwidth 64
r2(config-if)#ip address 192.168.5.9 255.255.255.252
r2(config-if)#encap frame-relay
r2(config-if)#frame-relay intf-type dce
r2(config-if)#frame-relay local-dlci 108
r2(config-if)#no shut
r2(config-if)#interface serial 1
r2(config-if)#bandwidth 64
r2(config-if)#encap frame
r2(config-if)#ip address 192.168.5.6 255.255.255.252
r2(config-if)#encap frame
r2(config-if)#frame-relay intf-type dce
r2(config-if)#frame-relay local-dlci 104
r2(config-if)#no shut


I called r2 a pseudo frame switch because there are no frame route statements in the configuratior
frame-relay command changed the default High-Level Data Link Control (HDLC) encapsulation on
interfaces to Frame Relay so that you could configure the other Frame Relay parameters. Now look
map and PVCs in Example 8-2.


Example 8-2. Reviewing the Map and PVCs on the Frame Switch

r2#show frame-relay map
r2#show frame-relay pvc

PVC Statistics for interface Serial0 (Frame Relay DCE)

DLCI = 108, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0

  input pkts 0             output pkts 0            in bytes 0
  out bytes 0              dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:01:30, last time pvc status changed 00:00:53

PVC Statistics for interface Serial1 (Frame Relay DCE)

DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial1

  input pkts 0             output pkts 0            in bytes 0
  out bytes 0              dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:00:31, last time pvc status changed 00:00:31

r2#copy running-config startup-config


It certainly makes sense that there is no frame mapping at this point because the other ends (r1 ar
still configured for HDLC encapsulation, the default for serial interfaces. For the same reason, the F
inactive. The DLCIs were assigned on the main interface using the frame-relay local-dlci comma
the frame interface-dlci command is used when using subinterfaces with LMI provided (as discuss
this chapter).


NOTE 


From a support standpoint, it is good to see the bouncing PVC state from active to inactive, be 
for future reference you now know this is a good indication the other end of the PVC has not b 
configured. 


It is important to note that regardless of the physical DTE/DCE cable, Frame Relay has its own DTE 
configuration at Layer 2 as you witnessed with the frame-relay intf-type dce command for both 

r2. If you issue the show controllers command as in Example 8-3, you will see that both are phy: 
interfaces. However, the preceding example portrays them as Frame Relay DCEs. This is absolutely 
there is a Layer 1 and Layer 2 DTE/DCE with this technology. 


Example 8-3. show controllers for the Physical DTE 


r2#show controllers s 0
HD unit 0, idb = 0x107EAC, driver structure at 0x10D340
buffer size 1524  HD unit 0, V.35 DTE cable
cpb = 0x1, eda = 0x48DC, cda = 0x48F0
RX ring with 16 entries at 0x4014800

r2#show controllers s 1
HD unit 1, idb = 0x111648, driver structure at 0x116AE0
buffer size 1524  HD unit 1, V.35 DTE cable
cpb = 0x2, eda = 0x3104, cda = 0x3118


NOTE 


On a practical note, generating clock is also a Layer 1 DCE function and Layer 2 is not concerr 
clocking. 


Next configure r1 to communicate to r2 using Frame Relay as in Example 8-4. Turn on debug sery
timestamps and logging. Clear the counters to make sure you start your troubleshooting from thi
necessary. Feel free to turn on logging synchronous, too. Because this is a lab, just before you b
interface turn on keepalive debugging to watch the goings-on.


Example 8-4. Back-to-Back Frame Relay r1 Configuration 


Router(config)#hostname r1
r1(config)#service timestamps debug datetime localtime msec
r1(config)#service timestamps log datetime localtime msec
r1(config)#exit
r1#clock set 5:21:00 Dec 9 2002
r1#clear counters
r1#configure terminal
r1(config)#line console 0
r1(config-line)#logging synchronous
r1(config-line)#interface s1
r1(config-if)#bandwidth 64
r1(config-if)#clock rate 64000
r1(config-if)#ip address 192.168.5.5 255.255.255.252
r1(config-if)#encap frame
r1(config-if)#end
r1#debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
r1#configure terminal
r1(config)#interface s1
r1(config-if)#no shut
Dec 9 05:25:31.487: %LINK-3-UPDOWN: Interface Serial1, changed state to up
Dec 9 05:25:31.527: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
Dec 9 05:25:31.531: datagramstart = 0xE22EA4, datagramsize = 14
Dec 9 05:25:31.???: FR encap = 0x00010308
Dec 9 05:25:31.???: 00 75 95 01 01 00 03 02 01 00
Dec 9 05:25:31.???:
Dec 9 05:25:31.539: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
Dec 9 05:25:31.543: datagramstart = 0xE22EA4, datagramsize = 13
Dec 9 05:25:31.543: FR encap = 0x00010308
Dec 9 05:25:31.547: 00 75 51 01 00 53 02 01 00
Dec 9 05:25:31.???:
Dec 9 05:25:31.???: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
Dec 9 05:25:31.???: datagramstart = 0xE22EA4, datagramsize = 13
Dec 9 05:25:31.???: FR encap = 0xFCF10309
Dec 9 05:25:31.???: 00 75 01 01 00 03 02 01 00
Dec 9 05:25:31.???:
!!!next is the full status from the frame switch
Dec 9 05:25:31.???: Serial1(in): Status, myseq 1
Dec 9 05:25:31.???: RT IE 1, length 1, type 0
Dec 9 05:25:31.???: KA IE 3, length 2, yourseq 1, myseq 1
Dec 9 05:25:31.???: PVC IE 0x7 , length 0x6 , dlci 104, status 0x4 , bw 0
Dec 9 05:25:31.???: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed to DELETED
Dec 9 05:25:41.607: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed to DELETED
Dec 9 05:25:42.???: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
Dec 9 05:26:31.543: Serial1(in): Status, myseq 7
Dec 9 05:26:31.547: RT IE 1, length 1, type 0
Dec 9 05:26:31.547: KA IE 3, length 2, yourseq 7 , myseq 7
Dec 9 05:26:31.551: PVC IE 0x7 , length 0x6 , dlci 104, status 0x2 , bw 0
r1(config)#
Dec 9 05:26:31.551: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed to ACTIVE
r1(config)#end
r1#undebug all


On r1 it was only necessary to turn on Frame Relay encapsulation. Everything else was accomplish
default Inverse Address Resolution Protocol (Inverse ARP) activity. Review the keepalive activity w
debug frame-relay lmi command. Notice the status inquiries going out from r1 to r2 (frame swit
every 10 seconds. After six inquiries, the switch returns the DLCIs in a full status message. This is
LMI exchange between the local router and the Frame Relay carrier.


Regardless of troubleshooting the LAN or the WAN, show ip interface brief is still a quick way to
interface status, as I do in the next example. View the interfaces, the Frame Relay mapping, and p
end of the PVC as in Example 8-5.


Example 8-5. r1 Testing

r1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              unassigned      YES unset  administratively down down
Ethernet1              unassigned      YES unset  administratively down down
Serial0                unassigned      YES unset  administratively down down
Serial1                192.168.5.5     YES manual up                    up
r1#show interfaces s1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.5.5/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 92, LMI stat recvd 93, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  DCD=up DSR=up DTR=up RTS=up CTS=up
r1#show frame-relay map
Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), dynamic,
              broadcast,, status defined, active
r1#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
r1#show frame-relay pvc

PVC Statistics for interface Serial1 (Frame Relay DTE)

DLCI = 104, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial1

  input pkts 5             output pkts 5            in bytes 520
  out bytes 520            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:15:17, last time pvc status changed 00:15:18
r1#show interface s1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.5.5/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 6, LMI stat recvd 6, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  FR SVC disabled, LAPF state down

r1#copy running-config startup-config


The output clearly shows that show ip interface brief is a quick check of the layers; however, shi 
interfaces s1 provides more Frame Relay details for the interface. For example, the shaded lines « 
only the IP address but also the subnet mask and the LMI keepalive activity. The encapsulation is f 
default LMI type of Cisco is talking over DLCI 1023. The status inquiries sent (out) are equal to the 
received (in), and you are looking at the Frame Relay DTE end of the PVC. 


The example output also illustrates ping to be successful and rightly so. Think of the Frame Relay F 
PVC pipe that carries water from one end to the other. The Frame PVC transports variable-length fi 
the source network to the destination network through the service provider cloud. 

Frame Relay maps a Layer 2 DLCI to a Layer 3 network address, such as IP, IPX, or AppleTalk for ¢ 
When you view your ending running configuration, note the individual protocols spelled out for Fra 
The default method of doing this Layer 2-to-Layer 3 dynamic mapping is by a process called Invers 
verified the mapping with the show frame-relay map command in the preceding example. Each I 
the DLCI number assigned, the usage of local compared to global, with a status of dynamic compa 
The DLCI number is shown in decimal, hex, and what you might expect to see on the wire. The oth 
statistics are quite helpful in supporting Frame Relay, and you will experience them more throughoa 
chapter. 
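
The DLCI values in show frame-relay map and the status enquiries in the Example 8-4 debug output can be decoded by hand. The following is an added example, not code from the book: it rebuilds the 0x1880 and 0x18C0 values from the DLCI numbers and decodes the enquiry bytes transcribed from that debug output. The function names are hypothetical, and the LMI flavour labels are this example's reading of the bytes under the usual conventions (Cisco LMI on DLCI 1023; ANSI and Q.933a on DLCI 0).

```python
"""Decode the Frame Relay address field and LMI messages shown by debug frame-relay lmi."""

MESSAGE_TYPES = {0x75: "status enquiry", 0x7D: "status"}
REPORT_TYPES = {0: "full status", 1: "link integrity verification"}
ANSI_LOCKING_SHIFT = 0x95
# (report-type IE id, keepalive IE id) for each LMI flavour
IE_IDS = {"cisco": (0x01, 0x03), "ansi": (0x01, 0x03), "q933a": (0x51, 0x53)}

# Transcribed from the Example 8-4 debug lines: (FR encap word, hex line under it)
CAPTURED = [
    (0x00010308, "00 75 95 01 01 00 03 02 01 00"),
    (0x00010308, "00 75 51 01 00 53 02 01 00"),
    (0xFCF10309, "00 75 01 01 00 03 02 01 00"),
]


def dlci_to_wire(dlci):
    """Build the 2-byte address field for a DLCI with C/R, FECN, BECN and DE clear."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a 2-byte address carries a 10-bit DLCI (0-1023)")
    high = (dlci >> 4) << 2              # upper 6 DLCI bits, C/R = 0, EA = 0
    low = ((dlci & 0x0F) << 4) | 0x01    # lower 4 DLCI bits, EA = 1 ends the address
    return (high << 8) | low


def parse_address(word):
    """Split a 16-bit address field into the DLCI and its flag bits."""
    high, low = (word >> 8) & 0xFF, word & 0xFF
    if high & 0x01 or not low & 0x01:
        raise ValueError("EA bits do not describe a 2-byte address")
    return {
        "dlci": ((high >> 2) << 4) | (low >> 4),
        "cr": (high >> 1) & 1,
        "fecn": (low >> 3) & 1,
        "becn": (low >> 2) & 1,
        "de": (low >> 1) & 1,
    }


def decode_lmi(encap, payload_hex):
    """Decode one LMI message from its 'FR encap' word and the hex line under it."""
    address = parse_address(encap >> 16)
    control, discriminator = (encap >> 8) & 0xFF, encap & 0xFF
    body = bytes.fromhex(payload_hex)
    if control != 0x03:
        raise ValueError("LMI is carried in unnumbered information (0x03) frames")
    if len(body) < 2 or body[1] not in MESSAGE_TYPES:
        raise ValueError("not an LMI status or status enquiry message")
    shifted = len(body) > 2 and body[2] == ANSI_LOCKING_SHIFT
    pos = 3 if shifted else 2
    elements = {}
    # Walk the id/length/value elements. Repeated ids (several PVC IEs in a
    # full status) overwrite each other; only report type and keepalive are read.
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated information element header")
        ie_id, ie_len = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + ie_len]
        if len(value) != ie_len:
            raise ValueError("truncated information element")
        elements[ie_id] = value
        pos += 2 + ie_len
    if address["dlci"] == 1023 and discriminator == 0x09:
        flavour = "cisco"
    elif address["dlci"] == 0 and shifted:
        flavour = "ansi"
    elif address["dlci"] == 0 and 0x51 in elements:
        flavour = "q933a"
    else:
        raise ValueError("unrecognised LMI flavour")
    report_id, keepalive_id = IE_IDS[flavour]
    report = elements.get(report_id, b"")
    keepalive = elements.get(keepalive_id, b"")
    if len(report) != 1 or len(keepalive) != 2:
        raise ValueError("report type or keepalive element missing or malformed")
    return {
        "dlci": address["dlci"],
        "lmi_type": flavour,
        "message": MESSAGE_TYPES[body[1]],
        "report": REPORT_TYPES.get(report[0], "unknown"),
        "myseq": keepalive[0],
        "yourseen": keepalive[1],
    }


if __name__ == "__main__":
    for dlci in (104, 108):
        wire = dlci_to_wire(dlci)
        # The map display shows the address with the EA bit masked off.
        print(f"dlci {dlci}(0x{dlci:X},0x{wire & 0xFFFE:04X}) header 0x{wire:04X}")
    for encap, hexline in CAPTURED:
        print(decode_lmi(encap, hexline))
```

The address word printed in the debug output (for example 0x18C1 in FR encap = 0x18C10300) has the final EA bit set, which is why it differs by one from the 0x18C0 shown in the map.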


Now configure and test r3 as in Example 8-6 to finish up your hybrid back-to-back chapter scenarii 
Frame Relay event debugging to watch the major happenings. 


Example 8-6. r3 Hybrid Back-to-Back Configuration 


Router(config)#hostname r3
r3(config)#service timestamps debug datetime localtime msec
r3(config)#service timestamps log datetime localtime msec
r3(config)#end
r3#clock set 5:50:00 Dec 9 2002
r3#clear counters
r3(config)#line console 0
r3(config-line)#logging synchronous
r3(config-line)#interface s0/0
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.5.10 255.255.255.252
r3(config-if)#encap frame
r3(config-if)#no shut
r3(config-if)#end
r3#copy running-config startup-config
r3#debug frame-relay events
Frame Relay events debugging is on
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, ch
%FR-5-DLCICHANGE: Interface Serial0/0 - DLCI 108 state change
Serial0/0: FR ARP input
datagramstart = 0x240034E, datagramsize = 30
FR encap = 0x18C10300
80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00
C0 A8 05 09 18 C1 C0 A8 05 0A
r3#undebug all
r3#copy running-config startup-config
r3#show frame-relay map
Serial0/0 (up): ip 192.168.5.9 dlci 108(0x6C,0x18C0), dynamic,
              broadcast,, status defined, active
r3#ping 192.168.5.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.9, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms


Configuring r3 was as simple as configuring r1 because you used the default Inverse ARP once aga
shaded output of the show frame-relay map statement shows dynamic for this. The ping to r2 sh
successful.
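
The dynamic map entry on r3 comes from the FR ARP input frame in the Example 8-6 debug output. The following added example (not from the book; function and constant names are hypothetical) decodes those captured bytes as a SNAP-encapsulated Inverse ARP message and derives the map entry by pairing the sender's IP address with the DLCI in the frame header, which is how Inverse ARP is specified to work.

```python
"""Decode the Inverse ARP frame printed by debug frame-relay events on r3."""
import ipaddress

FRAME_RELAY_HW = 0x000F                         # ARP hardware type for Frame Relay
IPV4 = 0x0800
OPCODES = {8: "InARP request", 9: "InARP reply"}
SNAP_ARP = bytes.fromhex("80 00 00 00 08 06")   # NLPID SNAP, OUI 00-00-00, EtherType ARP

# Transcribed from Example 8-6: the FR encap word and the two hex lines under it
CAPTURED_ENCAP = 0x18C10300
CAPTURED_HEX = ("80 00 00 00 08 06 00 0F 08 00 02 04 00 09 00 00 "
                "C0 A8 05 09 18 C1 C0 A8 05 0A")


def dlci_of(address):
    """Extract the 10-bit DLCI from a 2-byte Frame Relay address field."""
    high, low = (address >> 8) & 0xFF, address & 0xFF
    return ((high >> 2) << 4) | (low >> 4)


def decode_inarp(encap, payload_hex):
    """Return the ARP fields and the map entry a router would learn from the frame."""
    arrived_on = dlci_of(encap >> 16)
    control, pad = (encap >> 8) & 0xFF, encap & 0xFF
    body = bytes.fromhex(payload_hex)
    if control != 0x03 or pad != 0x00 or body[:6] != SNAP_ARP:
        raise ValueError("not a SNAP-encapsulated ARP frame")
    arp = body[6:]
    if len(arp) < 8:
        raise ValueError("truncated ARP header")
    hw_type = int.from_bytes(arp[0:2], "big")
    proto_type = int.from_bytes(arp[2:4], "big")
    hw_len, proto_len = arp[4], arp[5]
    opcode = int.from_bytes(arp[6:8], "big")
    if hw_type != FRAME_RELAY_HW or proto_type != IPV4 or proto_len != 4:
        raise ValueError("expected IPv4 over Frame Relay")
    if opcode not in OPCODES:
        raise ValueError("not an Inverse ARP request or reply")
    if len(arp) != 8 + 2 * (hw_len + proto_len):
        raise ValueError("address fields do not match the declared lengths")
    # Sender hardware, sender protocol, target hardware, target protocol.
    fields, pos = [], 8
    for size in (hw_len, proto_len, hw_len, proto_len):
        fields.append(arp[pos:pos + size])
        pos += size
    sender_hw, sender_ip, target_hw, target_ip = fields
    peer = str(ipaddress.IPv4Address(sender_ip))
    shown = (encap >> 16) & 0xFFFE   # the map display masks off the EA bit
    return {
        "opcode": OPCODES[opcode],
        "arrived_on_dlci": arrived_on,
        "sender_ip": peer,
        "target_ip": str(ipaddress.IPv4Address(target_ip)),
        "target_hw_dlci": dlci_of(int.from_bytes(target_hw, "big")) if hw_len == 2 else None,
        "map_entry": f"ip {peer} dlci {arrived_on}(0x{arrived_on:X},0x{shown:04X})",
    }


if __name__ == "__main__":
    for key, value in decode_inarp(CAPTURED_ENCAP, CAPTURED_HEX).items():
        print(f"{key}: {value}")
```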


Save your configurations to a file named hybrid back-to-back frame relay in case you want to quick 
the back-to-back configuration. 


NOTE 


There is not just one way to configure back-to-back Frame Relay. Research the topic at Cisco.: 
try some of the other configurations. 


In most real-world WAN applications, you configure the user ends of the PVCs that connect throug
a hub-and-spoke topology using subinterfaces. You will get plenty of practice configuring and trout
Frame Relay using subinterfaces throughout this chapter and in the practical environment. I want t
attention to using a router as a Frame Relay switch to get started.


Using a Router as a Frame Relay Switch 


Many of the Cisco-certified classes have you work with Frame Relay but not all of them have you a 
this from a service provider perspective with building the frame switch. My purpose in configuring i 
the frame switch is so that you understand the cloud. What happens inside the mysterious Frame F 
really just passing the frames through some more switches depending on what the service provide! 


Use the following steps to set up a router as a Frame Relay switch: 


1. Give the frame switch a hostname. 
2. Turn on Frame Relay switching. 
3. Configure bandwidth. 
4. Configure clock rate if physical DCE. 
5. Configure encapsulation. (Default is cisco, or you can set to ietf.)
6. Configure LMI type. (Default is cisco, or you can set to ansi or q933a.)
7. Configure frame interface type. (Default is dte, or you can set to dce.)
8. Configure frame route statements.
9. Troubleshoot the frame switch as needed:
   show frame-relay route
   show frame-relay lmi
   show frame-relay pvc
   show ip interface brief
   no shut


Instead of completely erasing r2, modify it so that it is a frame switch as in Figure 8-2 and Exampl 


Example 8-7. Configuring r2 as a Frame Switch 


r2(config)#hostname frame switch
% Invalid input detected at '^' marker.
r2(config)#hostname frame-switch
frame-switch(config)#interface s0
frame-switch(config-if)#encap frame
frame-switch(config-if)#frame-relay route ?
  <16-1007>  input dlci to be switched
frame-switch(config-if)#frame-relay route 108 ?
  interface  outgoing interface for pvc switching
frame-switch(config-if)#frame-relay route 108 interface s1 ?
  <16-1007>  output dlci to use when switching
frame-switch(config-if)#frame-relay route 108 interface s1 104 ?
  <cr>
frame-switch(config-if)#frame-relay route 108 interface s1 104
frame-switch(config-if)#interface s1
frame-switch(config-if)#encap frame
frame-switch(config-if)#frame route 104 interface s0 108
frame-switch(config-if)#end
frame-switch#copy running-config startup-config


Figure 8-2. Configuring r2 as a Frame Switch

Because frame-relay switching and frame-relay intf-type dce are already on from the back-to-
scenario, the frame relay route commands are really all you need to make r2 a true Frame Relay
These statements are interface configuration commands. Here, you route what comes in interface s
108 out interface s1 as DLCI 104. For the other PVC, start at interface s1 to route what comes in s
104 out interface s0 as DLCI 108.


You may not have removed the IP addresses from the previous exercise; a frame switch does not r
addresses. In the future, you should be able to recognize whether you have an output for the shov
relay map command on the frame switch as in Example 8-8. Fix this now and verify the frame swi
show frame-relay route command. Feel free to remove the local DLCI statement from the prece
exercise, too, because it is no longer required.


Example 8-8. Verifying the Frame Switch 


frame-switch#show frame-relay map
Serial0 (up): ip 192.168.5.10 dlci 108(0x6C,0x18C0), dynamic,
              broadcast,, status defined, active
Serial1 (up): ip 192.168.5.5 dlci 104(0x68,0x1880), dynamic,
              broadcast,, status defined, active
frame-switch#show frame-relay pvc

PVC Statistics for interface Serial0 (Frame Relay DCE)

DLCI = 108, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial0

  input pkts 7             output pkts 6            in bytes 580
  out bytes 550            dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0        Num Pkts Switched 1
  pvc create time 01:20:18, last time pvc status changed 00:00:52

frame-switch#show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0         108             Serial1         104             active
Serial1         104             Serial0         108             active


NOTE


Use ? each step of the way when configuring the frame route statements. The familiar show fr
relay lmi, show frame-relay map, and show frame-relay pvc commands are ready to len
with supporting Frame Relay on your routers, but add show frame-relay route to your tool
troubleshooting a frame switch.


Save your r2 ending configuration to a file named r2 as a frame switch for r1 and r3.


Before you make too many assumptions, you better make sure the r1 and r3 configuration still wor
newly configured frame switch. Pinging from one end to the other should fail at this point with the
in the middle.


You would certainly have a route and be able to ping if you add static routes as in Example 8-9 to « 
destination network. Actually for the preceding back-to-back example it would be fine, but adding : 
or routing protocols here would be very odd things to do. Remember, Frame Relay is Layer 2. 


Example 8-9. r1 and r3 Static Routes

r1(config)#ip route 192.168.5.8 255.255.255.252 s1
r3(config)#ip route 192.168.5.4 255.255.255.252 s0/0
r3(config)#end
r1#ping 192.168.5.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms


If you took the static route or routing protocol approach to fixing this problem, remove that portior
configuration now. Instead, I want you to configure the IP addresses for r1s1 and r3s0/0 to be on 1
subnet as in Figure 8-3 and Example 8-10. Use the existing IP address for r1.


Example 8-10. Configuring r1 and r3 on the Same Subnet

r1(config)#no ip route 192.168.5.8 255.255.255.252
r1(config)#end
r1#copy running-config startup-config
r3(config)#no ip route 192.168.5.4 255.255.255.252
r3(config)#interface s0/0
r3(config-if)#ip address 192.168.5.6 255.255.255.252
r3(config-if)#end
r3#copy running-config startup-config


Figure 8-3. Configuring r1 and r3 on the Same Subnet

Test the Frame Relay connections from the router point of view and then from the service provider
as in Example 8-11.


Example 8-11. Testing the Frame Relay Connections 


r1#show frame-relay map
Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), dynamic,
              broadcast,, status defined, active
r1#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
r1#trace 192.168.5.6
Type escape sequence to abort.
Tracing the route to 192.168.5.6
  1 192.168.5.6 28 msec 28 msec *
r1#show arp
r3#show frame-relay map
Serial0/0 (up): ip 192.168.5.5 dlci 108(0x6C,0x18C0), dynamic,
              broadcast,, status defined, active
r3#ping 192.168.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
r3#trace 192.168.5.5
Type escape sequence to abort.
Tracing the route to 192.168.5.5
  1 192.168.5.5 28 msec 28 msec *
frame-switch#show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0         108             Serial1         104             active
Serial1         104             Serial0         108             active


The shaded output clearly shows that the frame switch is transparent to r1 and r3. The pings are si
trace shows no intermediary hops, and that is what you should expect. When you look at the outpt
frame-relay map, think of it like looking at the ARP table in Ethernet.

For Frame Relay Inverse ARP issues, I suggest clear frame-relay-inarp or bouncing the serial int
and r3 so that they relearn the DLCI information and rebuild their maps. You may need to do that
show frame-relay lmi command indicates timeouts, use the debug frame-relay lmi command
bounce (shut/no shut) the interfaces to observe the communications between the router and the fi
like in Example 8-12.


Example 8-12. Troubleshooting the Frame Connections 


frame-switch(config)#interface s0
frame-switch(config-if)#shut
frame-switch(config-if)#interface s1
frame-switch(config-if)#shut
r1(config)#interface s1
r1(config-if)#shut
r3(config)#interface s0/0
r3(config-if)#shut
frame-switch(config-if)#interface s0
frame-switch(config-if)#no shut
frame-switch(config-if)#interface s1
frame-switch(config-if)#no shut
r1#debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
r1#configure terminal
r1(config)#interface s1
r1(config-if)#no shut
01:13:47: %LINK-3-UPDOWN: Interface Serial1, changed state to up
01:13:47: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
01:13:47: datagramstart = 0xE22EA4, datagramsize = 14
01:13:47: FR encap = 0x00010308
01:13:47: 00 75 95 01 01 00 03 02 01 00
01:13:47:
01:13:47: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
01:13:47: datagramstart = 0xE22EA4, datagramsize = 13
01:13:47: FR encap = 0x00010308
01:13:47: 00 75 51 01 00 53 02 01 00
01:13:47:
01:13:47: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
01:13:47: datagramstart = 0xE22EA4, datagramsize = 13
01:13:47: FR encap = 0xFCF10309
01:13:47: 00 75 01 01 00 03 02 01 00
01:13:47:
01:13:47: Serial1(in): Status, myseq 1
01:13:47: RT IE 1, length 1, type 0
01:13:47: KA IE 3, length 2, yourseq 1, myseq 1
01:13:47: PVC IE 0x7 , length 0x6 , dlci 104, status 0x2 , bw 0
01:13:47: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed to ACTIVE
01:13:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
01:13:57: Serial1(out): StEnq, myseq 2, yourseen 1, DTE up
01:13:57: datagramstart = 0xE22EA4, datagramsize = 13
01:13:57: FR encap = 0xFCF10309
01:13:57: 00 75 01 01 01 03 02 02 01
01:13:57:
01:13:57: Serial1(in): Status, myseq 2
01:13:57: RT IE 1, length 1, type 0
01:13:57: KA IE 3, length 2, yourseq 2 , myseq 2
01:13:57: PVC IE 0x7 , length 0x6 , dlci 104, status 0x0 , bw 0
01:13:57: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed to INACTIVE
r3(config-if)#no shut
01:14:44: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
01:14:44: %FR-5-DLCICHANGE: Interface Serial0/0 - DLCI 108 state changed to ACTIVE
01:14:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r3(config-if)#end
r3#show frame-relay map
Serial0/0 (up): ip 192.168.5.5 dlci 108(0x6C,0x18C0), dynamic,
              broadcast,, status defined, active
r1(config-if)#end
r1#undebug all
r1#show frame-relay map
Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), dynamic,
              broadcast,, status defined, active
r1#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
r3#ping 192.168.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
!!!notice the following output where you can't ping yourself
r3#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 0 percent (0/5)
r3#copy running-config startup-config
frame-switch#copy running-config startup-config
r1#copy running-config startup-config


The lessons learned from this exercise should reinforce that Frame Relay is a Layer 2 technology. Nh 
turned up the frame switch interfaces first and then the spokes so that Inverse ARP would occur pr 
show frame-relay map command displays the Layer 2/Layer 3 mapping to assist you with why yt 
be able to get to your destination. The clear frame-relay-inarp command should clear all the Inv 
learned entries so that they are relearned; if problems occur, however, you can always bounce the 
necessary, you can always change the encapsulation back to HDLC and then back to Frame Relay. 

By the way, the shaded output illustrates that r1 can ping r3 and vice versa, yet r3 can't ping itself
norm with multipoint interfaces in Frame Relay. If you really want it to work, you can put in a stati 
statement such as in Example 8-13. 


Example 8-13. Adding a Static Frame Relay Map 


r3(config-if)#frame-relay map ip 192.168.5.6 108
r3(config-if)#end
r3#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/124 ms
r3#show frame-relay pvc

PVC Statistics for interface Serial0/0 (Frame Relay DTE)

DLCI = 108, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0

  input pkts 55            output pkts 52           in bytes 4970
  out bytes 4850           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 7         out bcast bytes 474
  pvc create time 22:52:49, last time pvc status changed 22:52:49
!!!the line above is sort of a tattle tale line:o)
r3#show frame-relay map
Serial0/0 (up): ip 192.168.5.5 dlci 108(0x6C,0x18C0), dynamic,
              broadcast,, status defined, active
Serial0/0 (up): ip 192.168.5.6 dlci 108(0x6C,0x18C0), static,
              CISCO, status defined, active


The preceding example shows how simple it is to add a static map in the interface configuration mi
ping yourself, the PVC is active, and you now have a static entry in your frame map table al
previous dynamic one.


NOTE 


Always check the running configuration before you remove everything because Inverse ARP m
well be turned off on a protocol-by-protocol basis.


Also note that the frame switch is not configured for routing at all. For your IP packets to get to the 
destination, they need a route or need to be on the same network. With such a simple example, co 
interfaces on the same subnet or a static route is fine. In larger networks it obviously is not practic 
everything using static routes but rather more feasible to use a routing protocol and default routes 
Relay has its own issues with main interfaces and routing protocols because of its nonbroadcast mt 
(NBMA) nature. Obviously, Frame Relay can't go out and ARP everything on the WAN like in the LA 
primarily means that multiple routers are supported without broadcasting capabilities. Hence routi 
must be replicated using this type of multipoint connection. 


Save your configurations. The significant parts of my ending configurations are in Example 8-14. 


Example 8-14. Shooting Trouble with Frame Relay Scenario Same Subnet 
Configurations 


r1#show running-config
interface Serial1
 bandwidth 64
 ip address 192.168.5.5 255.255.255.252
 encapsulation frame-relay
 clockrate 64000

frame-switch#show running-config
frame-relay switching
interface Serial0
 bandwidth 64
 no ip address
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 108 interface Serial1 104
interface Serial1
 bandwidth 64
 no ip address
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 104 interface Serial0 108

r3#show run
interface Serial0/0
 bandwidth 64
 ip address 192.168.5.6 255.255.255.252
 encapsulation frame-relay
 clockrate 64000
 frame-relay map ip 192.168.5.6 108


Keep in mind that the service provider can pretty much do what they want inside the cloud and it c 
necessarily have to be Frame Relay. They may be doing ATM MPLS with the appropriate encapsulat 
to the cloud and appropriate encapsulation on leaving the cloud to your destination, or just re-encé 
IP. 


Figure 8-4 shows an example of a Frame Relay cloud with more switches to give you a better feel f 
appropriate route statements in the real world. If you have multiple routers in your environment, fi 
experiment with supporting a more complex cloud. 


Figure 8-4. Multiple Switches in the Cloud

Now I want to review some Frame Relay history and terminology before you move on to shooting r
Relay troubles. If you are already comfortable with the terminology, feel free to move directly into
Relay Frames" and "Frame Relay Addressing" sections.


A Brief History of Frame Relay 


Originally Frame Relay was conceived to run over ISDN. The initial proposals went to the 
Consultative Committee on International Telephone and Telegraph (CCITT) in 1984. As 
mentioned in the initial chapters, CCITT is now known as ITU-T, for international standards, 
whereas American National Standards Institute (ANSI) is still known for American standards. 


Standards 


ITU-T approved what is known as Recommendation I.122, the framework for additional packet
mode bearer services back in 1988. This was part of a series of ISDN specifications where Link
Access Protocol D Channel (LAPD) carried the signaling information on the D channel. I.122
outlined how LAPD might be used in other applications besides ISDN. ANSI rapidly progressed
on this recommendation and T1.606 was approved early in 1990 with complete approval in
1991. The ITU and ANSI standards for Frame Relay are in alignment with one another. ANSI
T1.606 is equivalent to ITU-T I.122 for architecture, and ANSI T1.616 is equivalent to ITU-T
Q.922 for data transfer.


In 1990 the Gang of Four consortium developed LMI. LMI is further discussed in the signaling 
section. The Gang of Four included the following: 

• Cisco
• StrataCom (later acquired by Cisco)
• Northern Telecom
• DEC (later acquired by Compaq)

LMI popularized Frame Relay and the Gang of Four later formed the Frame Relay Forum that has
grown to more than 300 members. The Frame Relay Forum in Figure 8-5 is at
www.frforum.com. It is an excellent resource for Frame Relay.


Figure 8-5. Frame Relay Forum

Frame Relay is a bandwidth-on-demand technology where you share bandwidth with others in
the cloud on a packet-by-packet basis. Although in a PVC the logical path is up and running, no
bandwidth is actually consumed until needed. This is perceptibly more cost-effective than paying
for leased lines in many business applications. Frame Relay not only provides a low cost of
ownership, but it is standards-based, has low overhead along with high reliability (depending on
your service level agreements), and internetworks well with other services such as ATM.


Frame Relay is based on sort of a KISS principle ("Keep It Simple, Stupid!"), letting the
higher-level protocols worry about the problems. Although the technology includes signaling and
congestion-notification mechanisms, they are optional. This does not affect compliance with the
standards but does affect performance. Your best bet is to subscribe to the Committed
Information Rate (CIR) that is right for you. This and your maximum burst rate (less than the
line speed) is primarily your service level agreement (SLA) with the provider. When your frames
are above the CIR, the provider can set the Discard Eligible (DE) bit to 1. This just means that
DE traffic is discarded prior to frames with the DE bit set to 0 or non-DE. However, the reality of
all this is all bits are Discard Eligible by the nature of Frame Relay. It is up to the upper layers to
do the error correction. On the other hand, if you have a fat enough pipe, there are times you will
be able to burst to more than your CIR depending on your SLA, but not more than your physical
capacity. For example, your physical pipe may be a T1 or T3, but your end-to-end CIR may only
be 56 kbps.


Frame Relay is a connection-oriented data-link protocol. The virtual connection or connection 
identifier for the PVC is the DLCI. It offers statistical multiplexing by switching variable-length 
frames. Obviously, this means that traffic delays vary according to frame size. However, Frame 
Relay is even optimal for carrying delay-sensitive traffic such as voice. Traffic shaping and 
quality of service prioritization mechanisms are discussed in CCNP Practical Studies: Remote 
Access (Cisco Press). 


It is getting pretty old to say Frame Relay is a more efficient X.25 replacement because it has
been alive for better than 10 years now. However, Frame Relay really is an updated X.25 that
leaves the slow error correction and flow control to the upper layers so as not to burden things
at Layer 2. You could say Layer 2 can switch it or pitch it and let the upper layers recover
anything that has been discarded, for X.25 is the only Layer 2 protocol to offer error correction
(retransmittal). Frame Relay typical speeds are 56 kbps to 44.7 Mbps (DS3).


Terminology


Like other technologies, many terms and acronyms are associated with Frame Relay. Use Figure 
8-6 to help you review them. 


Figure 8-6. Frame Relay Terminology

[Figure 8-6 labels: Status Inquiry and LMI exchanges between each router and its local frame switch; DLCIs 100, 200, 300, and 400, each shown as Active; subnet 192.168.5.4/30; commands sh frame lmi, sh frame map, sh frame pvc.]


Frame Relay is used between the customer premises equipment (CPE) and the Frame Relay 
switch, but the complete path is known up front. Figure 8-6 illustrates the LMI signaling 
(keepalives) that occurs from your router to the local frame switch. The Frame Relay connections 
from r1 to r2 and r3 are through PVCs. Local DLCIs are the Layer 2 connection identifiers
assigned by the service provider. 


Autosensing LMI and traffic shaping are among the many significant features that have been 
available since 11.2 code. Congestion control may be through forward explicit congestion 
notification (FECN) and backward explicit congestion notification (BECN) if in fact Frame Relay is 
used within the service provider cloud. The DE bit is a priority discard bit, but packets within 
your CIR take priority. On the other hand, you may burst higher than your CIR if you have the 
physical capacity to do so. The following list provides a quick review of the main Frame Relay 
terms: 


• DLCI— Data-link connection identifier is a number that identifies the logical local circuit
between the router and the frame switch. My discussion of DLCIs assumes local
significance, which is the norm in practical application. Think of these as circuit identifiers
that are provided by the service provider.

• PVC— Permanent virtual circuit is a virtual circuit that corresponds to an end-to-end path
going through a Frame Relay cloud. It is permanently established compared to a switched
virtual circuit (SVC), which is established on demand.

• LMI— Local Management Interface is the signaling between the local router and the local
Frame Relay switch. The three types include Cisco (LMI), ANSI (Annex D), and Q933A
(Annex A).

• CIR— Committed Information Rate is the delivery during normal conditions—minimum
acceptable throughput.

• Committed burst— Guaranteed delivery under normal conditions.

• Excess burst— Bytes outside the CIR accepted by the frame switch and marked as DE
eligible.

• DE— Discard Eligible is really a priority discard bit in case the network becomes short of
resources.

• BECN— Backward explicit congestion notification is set in frames traveling in the opposite
direction of the congested path.

• FECN— Forward explicit congestion notification informs the DTE device receiving the frame
that congestion was experienced in the path between the source and destination.

• SLA— You have a service level agreement with your service provider, which includes such
things as response time, availability, restoration of service, throughput, and SLA reporting.
For example, physically you may have a T1 or T3 but you only pay for the subscription you
need, yet you can burst to the maximum burst rate within your physical capacity if
available. On the other hand, frames flagged as DE are dropped when congestion occurs.
The ingress frame switch optionally performs the policing. It can drop all frames in excess
of CIR plus burst or it can just mark them DE and let them proceed. This is a service
provider policy choice.

• CPE— Customer premises equipment.


This terminology may vary according to the service provider, but these are some of the most 
common terms and acronyms used in the Frame Relay environment. 


Now I want to look at Frame Relay frames to analyze the details of some of the terminology
mentioned. 


Frame Relay Frames 


Because Frame Relay is primarily a Layer 2 technology, I want to spend a bit more time with the e
frame format, and signaling for purposes of supporting it. 


Encapsulation 


I wouldn't expect encapsulation to be a new topic for you. In this chapter you just change your WA
encapsulation or frame type from HDLC to Frame Relay to communicate using a connection-oriente 
Layer technology. With Frame Relay you communicate from DTE (router) to DTE (router) through < 
Each data-link segment connects to the nearest Frame Relay switch (DCE). Typically the DLCI has 
significance. This local significance is just like my cell phone speed dial. I have programmed numb
Mom, and number 2 to be Ed, but you may have number 1 as your significant other and number 2 
or Dad. Think of the phone number as the IP address and the speed dial as the DLCI. 


You can also relate DLCIs to going to the bank. Next time you are sitting at the drive-up window cl 
closing time, watch the tubes and dream about Frame Relay in a hub-and-spoke topology. You pla 
payroll check in the tube just as someone else in the next lane (using another DLCI) is doing. The t 
to one of the tellers (hub) working that day. When the bank teller processes your transaction, she | 
you are by the tube (PVC) you came in on and therefore gives you your cash and gives the other p: 


Any way you look at it, some Layer 3 payload gets stuffed into a Layer 2 frame to be transported t 
provider to get it to the proper destination. Statistically you can multiplex many virtual circuits ove 
physical circuit but part of this efficiency is due to the error and flow control being left up to higher 
protocols. At Layer 2 the default encapsulation type for Frame Relay is Cisco. The encapsulation po 
as follows: 


• Cisco is the default for Cisco devices.
• IETF is for compatibility with non-Cisco devices.


NOTE 


Cisco encapsulation is appropriate when both devices are Cisco routers, and Internet Engineering
Task Force (IETF) encapsulation is appropriate when at least one of the devices is not.


Now look at the Frame Relay header to see where all the pieces fit. 


The Frame Relay Header 


Examine the Frame Relay format in Figure 8-7. The frame starts and ends with a 1-byte flag. The L
are contained within the 2-byte address header, and the data is variable. Frame Relay does use a frame check
sequence (FCS). Even though the protocol can recognize when there has been an error, there is no
retransmission capability at Layer 2 to correct bad data.


Figure 8-7. Frame Relay Header 


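[Figure 8-7 labels: field sizes in bytes 1, 2, variable, 2, 1 (flag, address header, data, FCS, flag); the Frame Relay address header expanded into Byte 1 and Byte 2; figure note: "If there is a problem, discard the data."]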


Think of the 10-bit DLCI like the MAC address on a LAN. Both are Layer 2 addresses, and routing r
mappings of IP next hops to Layer 2 addresses. The DLCI identifies the local connection. The 
Command/Response (C/R) bit is application-specific and not modified by the network, and the Exte 
bits allow for a 3- or 4-byte header. Current implementations use a 2-byte DLCI, but the EA bits al 
growth in the future. The next 3 bits are used for congestion control. Figure 8-8 shows a graphical 
explicit congestion notification (ECN). 


Figure 8-8. Frame Relay ECN

BECN — Backward Explicit Congestion Notification
Notify the source that congestion has occurred in the path.


FECN — Forward Explicit Congestion Notification
Signal the next neighbor in the path toward destination that congestion has
occurred along the path.


FECN is forward explicit congestion notification in that it tells the receiving end that the congestion 
the path from the source to the destination. BECN is backward explicit congestion notification in th. 


frames traveling in the opposite direction of the congested path. FECN notifies the destination, whe 
notifies the source. The DE bit is a priority-based DE bit in case the network becomes short of reso: 
frame switch sets the DE bit to 1 when the frame is above your CIR (or committed burst). CPE coul 
same, but it makes no sense for the CPE (router) to set DE. Why should you volunteer for packet d 
compared to all the other customers? 
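The header fields described above can be checked against the values IOS prints on this page, such as `dlci 104(0x68,0x1880)` and `dlci 104(0x1881)`. The following is an added example, not code from the book; the names `FrAddress`, `decode`, and `classify` are made up for illustration, and the DLCI ranges in `classify` are the ones quoted in this chapter.

```python
"""Encode and decode the 2-byte Frame Relay address header (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FrAddress:
    dlci: int            # 10-bit data-link connection identifier
    cr: bool = False     # Command/Response: application-specific, not modified by the network
    fecn: bool = False   # congestion met in the direction this frame travels
    becn: bool = False   # congestion met in the opposite direction
    de: bool = False     # Discard Eligible

    def encode(self, with_ea: bool = True) -> int:
        """Return the header as a 16-bit value.

        with_ea=False leaves the final EA bit clear, which matches the form
        printed by `show frame-relay map` (0x1880). The debug output on this
        page shows the same DLCI with the final EA bit set (0x1881).
        """
        if not 0 <= self.dlci <= 1023:
            raise ValueError("DLCI must fit in 10 bits (0-1023)")
        # Octet 1: upper 6 DLCI bits, C/R, EA=0 (another address octet follows).
        octet1 = (self.dlci >> 4) << 2 | int(self.cr) << 1
        # Octet 2: lower 4 DLCI bits, FECN, BECN, DE, EA=1 (last address octet).
        octet2 = ((self.dlci & 0x0F) << 4 | int(self.fecn) << 3
                  | int(self.becn) << 2 | int(self.de) << 1 | int(with_ea))
        return octet1 << 8 | octet2


def decode(word: int, require_ea: bool = True) -> FrAddress:
    """Parse a 16-bit header; the 3- and 4-byte forms are rejected."""
    if not 0 <= word <= 0xFFFF:
        raise ValueError("expected a 16-bit value")
    octet1, octet2 = word >> 8, word & 0xFF
    if octet1 & 0x01:
        raise ValueError("EA set in first octet: malformed 2-byte address")
    if require_ea and not octet2 & 0x01:
        raise ValueError("EA clear in second octet: extended address, not handled")
    return FrAddress(
        dlci=(octet1 >> 2) << 4 | octet2 >> 4,
        cr=bool(octet1 & 0x02),
        fecn=bool(octet2 & 0x08),
        becn=bool(octet2 & 0x04),
        de=bool(octet2 & 0x02),
    )


def classify(dlci: int) -> str:
    """Ranges as stated in this chapter: LMI on 0 or 1023, provider PVCs on 16-1007."""
    if dlci == 0:
        return "LMI (ANSI Annex D / ITU-T Annex A)"
    if dlci == 1023:
        return "LMI (Cisco)"
    if 16 <= dlci <= 1007:
        return "provider-assigned PVC"
    return "reserved"


if __name__ == "__main__":
    for value in (0x1881, 0x18C1, 0x1885, 0x1883):
        addr = decode(value)
        print(f"0x{value:04X} -> {addr} ({classify(addr.dlci)})")
```

A frame arriving with 0x1885 or 0x1883 in place of 0x1881 is still DLCI 104; only the BECN or DE bit differs, which is what to look for when a capture suggests congestion or policing on a PVC.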


NOTE 


Keep in mind that if there is a lower-layer problem, the data gets discarded (prior to any unm 
frame) and the upper layers request the retransmission. The reason for the discard may be du 
errors or congestion. This is part of the efficiency of Frame Relay as a Layer 2 technology. 


If you have access to a WAN sniffer, hook it up and watch what is happening. Sniffing on the WAN 
more expensive than sniffing the LAN. Our focus for analyzing the Frame Relay header has and will 
be with show and debug commands built in to the IOS. If you expect to see any output at all for Fr
however, it relies on the connection between your router and the frame switch. This signaling or ke 
more often referred to as LMI. When encapsulation is configured properly, the LMI keepalive activil 
between the local router and frame switch. 


Signaling (LMI)


The show frame-relay lmi command is one you must have on the tip of your tongue when trouble
Frame Relay. Chevrolet may be the heartbeat of America, but LMI is the heartbeat of Frame Relay.
signaling between your router and the local frame switch. The LMI type must match on the same d
(from the router to the local frame switch), although multiple LMI types can be used from the sour:
destination network. The signaling consists of a status request from the local router to the frame si
status message from the frame switch to the local router. Example 8-15 displays the output of show
frame-relay lmi.


Example 8-15. show frame-relay lmi


r1>show frame-relay lmi
LMI Statistics for interface Serial1 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 4403             Num Status msgs Rcvd 4403
  Num Update Status Rcvd 0              Num Status Timeouts 0
r1>


The first shaded line displays the statistics for the s1 interface that is configured as Frame Relay D 
LMI type of Cisco, which is the default configuration for a Frame Relay interface. The next to the la: 
line indicates the status inquiries and is equal to the messages received, which means LMI is worki 
Keep an eye on the last line for an increasing number of timeouts within the keepalive interval, wh 
lead to faulty equipment or circuit issues. 


The debug frame-relay lmi shows the router requesting DLCIs from the frame switch and the loce
switch responding with new PVCs, deleted PVCs, and the integrity of the existing PVCs. Status inqu
go from the router to the frame switch, which in turn replies with up-to-date PVC and DLCI informz
back to Figure 8-6 for a moment. If all is well, the local frame switch for r1 should return DLCI 100
both as active in that particular example. This process is dynamic like ARP is in the LAN, so you are 
to something that does not exist. However, things are not always normal when the router receives 
information. See Table 8-2 for possible PVC states. 


Table 8-2. PVC States 


PVC State | Description
Active | The provider's network believes that the PVC is configured and operational from edge t within the cloud. The remote router is configured to match.
Inactive | Local connection may be fine but the other end is not working. Perhaps it has not been yet, either on the router or within the provider cloud.
Deleted | The DLCI that the router is reporting to the frame switch has no validating entry in the table. The DLCIs may have been reversed or the PVC may have been deleted.


Use the following commands to check the LMI status: 


• show frame-relay lmi
• show frame-relay pvc
• show interfaces


Issue a show interfaces s0 to check the LMI type. Cisco supports the following LMI types:


• Cisco LMI type uses DLCI 1023 as its data path.
• ANSI T1.617 Annex D LMI uses DLCI 0 as its data path.
• ITU-T Q.933 Annex A uses DLCI 0 as its data path.


Note that LMI typically runs over reserved DLCI 0 or 1023. Normally the DLCIs assigned from the :
provider are in the range of 16 to 1007. You can easily remember that if you were 16 years old wh
your driver's license and if you are a James Bond fan.


What if you need to configure the LMI to be something other than the Cisco default? The service pr 
this decision in the real world, but in the private world you can certainly do what you want. Refer k 


8-3 if you need to review your lab setup again. Configure r1 for ANSI LMI, and watch the keepalive
line protocol goes down as in Example 8-16. 


Example 8-16. Configuring and Testing ANSI LMI 


r1#debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
r1#configure terminal
r1(config)#interface s1
r1(config-if)#frame-relay lmi-type ansi
r1(config-if)#end
Dec 10 09:09:29.553: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
Dec 10 09:09:29.557: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:09:29.557: FR encap = 0x00010308
Dec 10 09:09:29.557: 00 75 95 01 01 01 03 02 01 00
Dec 10 09:09:29.565:
Dec 10 09:09:29.785: %SYS-5-CONFIG_I: Configured from console by console
Dec 10 09:09:39.553: Serial1(out): StEnq, myseq 2, yourseen 0, DTE up
Dec 10 09:09:39.557: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:09:39.557: FR encap = 0x00010308
Dec 10 09:09:39.561: 00 75 95 01 01 00 03 02 02 00
Dec 10 09:09:39.565:
r1#
Dec 10 09:09:49.553: Serial1(out): StEnq, myseq 3, yourseen 0, DTE up
Dec 10 09:09:49.557: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:09:49.557: FR encap = 0x00010308
00 75 95 01 01 00 03 02 03 00
%FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed
Serial1(out): StEnq, myseq 1, yourseen 0, DTE down
datagramstart = 0xE3F544, datagramsize = 14
FR encap = 0x00010308
00 75 95 01 01 00 03 02 01 00
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
r1#show frame-relay map
r1#show frame-relay pvc
PVC Statistics for interface Serial1 (Frame Relay DTE)


Now set s1 on the frame switch to be ANSI LMI, and continue to watch the keepalive activity on r1
Example 8-17. 


Example 8-17. Configuring the Frame Switch for ANSI LMI 


frame-switch(config)#interface s1
frame-switch(config-if)#frame-relay lmi-type ansi
frame-switch(config-if)#end
frame-switch#copy running-config startup-config
!!!status inquiry from r1 to the frame switch
Serial1(out): StEnq, myseq 126, yourseen 1, DTE down
datagramstart = 0xE3F544, datagramsize = 14
FR encap = 0x00010308
00 75 95 01 01 01 03 02 7E 01
!!!keepalive reply from the frameswitch to r1 (full status update)
Dec 10 09:30:49.597: Serial1(in): Status, myseq 126
Dec 10 09:30:49.597: RT IE 1, length 1, type 0
Dec 10 09:30:49.601: KA IE 3, length 2, yourseq 2 , myseq 126
Dec 10 09:30:49.601: PVC IE 0x7 , length 0x3 , dlci 104, status 0x2
!!!status inquiry from r1 to the frame switch
Dec 10 09:30:59.581: Serial1(out): StEnq, myseq 127, yourseen 2, DTE up
Dec 10 09:30:59.581: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:30:59.585: FR encap = 0x00010308
Dec 10 09:30:59.585: 00 75 95 01 01 01 03 02 7F 02
!!!keepalive reply from the frameswitch to r1
Dec 10 09:30:59.601: Serial1(in): Status, myseq 127
Dec 10 09:30:59.605: RT IE 1, length 1, type 1
Dec 10 09:30:59.605: KA IE 3, length 2, yourseq 3 , myseq 127
Dec 10 09:31:00.553: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
!!!status inquiry from r1 to the frame switch
Dec 10 09:31:09.553: Serial1(out): StEnq, myseq 128, yourseen 3, DTE up
Dec 10 09:31:09.557: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:31:09.557: FR encap = 0x00010308
Dec 10 09:31:09.561: 00 75 95 01 01 01 03 02 80 03
!!!keepalive reply from the frameswitch to r1
Dec 10 09:31:09.577: Serial1(in): Status, myseq 128
Dec 10 09:31:09.577: RT IE 1, length 1, type 1
Dec 10 09:31:09.577: KA IE 3, length 2, yourseq 4 , myseq 128
!!!status inquiry from r1 to the frame switch
Dec 10 09:31:19.553: Serial1(out): StEnq, myseq 129, yourseen 4, DTE up
Dec 10 09:31:19.557: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:31:19.557: FR encap = 0x00010308
Dec 10 09:31:19.561: 00 75 95 01 01 01 03 02 81 04
!!!keepalive reply from the frameswitch to r1
Dec 10 09:31:19.577: Serial1(in): Status, myseq 129
Dec 10 09:31:19.577: RT IE 1, length 1, type 1
Dec 10 09:31:19.577: KA IE 3, length 2, yourseq 5 , myseq 129
!!!status inquiry from r1 to the frame switch
Dec 10 09:31:29.553: Serial1(out): StEnq, myseq 130, yourseen 5, DTE up
Dec 10 09:31:29.557: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:31:29.557: FR encap = 0x00010308
Dec 10 09:31:29.561: 00 75 95 01 01 01 03 02 82 05
!!!keepalive reply from the frameswitch to r1
Dec 10 09:31:29.577: Serial1(in): Status, myseq 130
Dec 10 09:31:29.577: RT IE 1, length 1, type 1
Dec 10 09:31:29.577: KA IE 3, length 2, yourseq 6 , myseq 130
!!!status inquiry from r1 to the frame switch
Dec 10 09:31:39.553: Serial1(out): StEnq, myseq 131, yourseen 6, DTE up
Dec 10 09:31:39.557: datagramstart = 0xE3F544, datagramsize = 14
Dec 10 09:31:39.557: FR encap = 0x00010308
Dec 10 09:31:39.561: 00 75 95 01 01 00 03 02 83 06
!!!keepalive reply from the frameswitch to r1 (full status update)
Dec 10 09:31:39.577: Serial1(in): Status, myseq 131
Dec 10 09:31:39.581: RT IE 1, length 1, type 0
Dec 10 09:31:39.581: KA IE 3, length 2, yourseq 7 , myseq 131
Dec 10 09:31:39.585: PVC IE 0x7 , length 0x3 , dlci 104, status 0x2
Dec 10 09:31:39.585: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed
r1#show frame-relay map
Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), dynamic,
              broadcast,, status defined, active
r1#undebug all


The output of debug frame-relay lmi is quite helpful to show the LMI status request sent out by t
indicated by (out) on the interface. Likewise, the (in) on the interface indicates the LMI received fr
switch. Also, type 0 is a full LMI status message that includes such data as the DLCI, the status, th
any traffic-shaping type of information. The status corresponds to the active, inactive, and deleted
DLCIs. For example, 0x0 is inactive, 0x2 is active, and 0x4 is deleted. Watch out for 0x4 (the delet
The DLCIs may be reversed or the PVC may have actually been deleted.
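The (out)/(in) pairing and the status codes just described can be checked mechanically when a long debug capture has to be reviewed. This is an added example, not code from the book: the log lines are a sample modelled on Examples 8-16 and 8-17, the function names are made up for illustration, and the payload layout assumed is the one visible in the ANSI dumps above (call reference, message type, 0x95, then report-type IE 1 and keepalive IE 3).

```python
"""Pair LMI status enquiries with replies in `debug frame-relay lmi` output."""
import re

PVC_STATUS = {0x0: "inactive", 0x2: "active", 0x4: "deleted"}  # codes as given in the text
REPORT_TYPE = {0: "full status", 1: "keepalive only"}
MSG_TYPE = {0x75: "status enquiry", 0x7D: "status"}

ENQ = re.compile(r"\(out\): StEnq, myseq (\d+), yourseen (\d+), DTE (\w+)")
STATUS = re.compile(r"\(in\): Status, myseq (\d+)")
RT = re.compile(r"RT IE 1, length 1, type (\d+)")
PVC = re.compile(r"PVC IE 0x7 , length 0x3 , dlci (\d+), status (0x[0-9A-Fa-f]+)")
HEX = re.compile(r":\s+((?:[0-9A-Fa-f]{2}\s+)+[0-9A-Fa-f]{2})\s*$")

# Sample lines modelled on Examples 8-16 and 8-17 (not a new capture).
SAMPLE_LOG = """\
Dec 10 09:09:29.553: Serial1(out): StEnq, myseq 1, yourseen 0, DTE up
Dec 10 09:09:29.557: 00 75 95 01 01 01 03 02 01 00
Dec 10 09:09:39.553: Serial1(out): StEnq, myseq 2, yourseen 0, DTE up
Dec 10 09:09:39.561: 00 75 95 01 01 00 03 02 02 00
Dec 10 09:30:59.581: Serial1(out): StEnq, myseq 127, yourseen 2, DTE up
Dec 10 09:30:59.585: 00 75 95 01 01 01 03 02 7F 02
Dec 10 09:30:59.601: Serial1(in): Status, myseq 127
Dec 10 09:30:59.605: RT IE 1, length 1, type 1
Dec 10 09:30:59.605: KA IE 3, length 2, yourseq 3 , myseq 127
Dec 10 09:31:39.553: Serial1(out): StEnq, myseq 131, yourseen 6, DTE up
Dec 10 09:31:39.561: 00 75 95 01 01 00 03 02 83 06
Dec 10 09:31:39.577: Serial1(in): Status, myseq 131
Dec 10 09:31:39.581: RT IE 1, length 1, type 0
Dec 10 09:31:39.581: KA IE 3, length 2, yourseq 7 , myseq 131
Dec 10 09:31:39.585: PVC IE 0x7 , length 0x3 , dlci 104, status 0x2
"""


def decode_payload(hex_bytes: str) -> dict:
    """Decode the bytes dumped after 'FR encap' for one LMI message."""
    data = bytes.fromhex(hex_bytes)
    if len(data) < 2:
        raise ValueError("too short for call reference + message type")
    out = {"msg": MSG_TYPE.get(data[1], f"unknown (0x{data[1]:02X})")}
    pos = 2
    if pos < len(data) and data[pos] == 0x95:      # shift octet seen in the ANSI dumps
        pos += 1
    while pos < len(data):                          # walk id/length/value elements
        if pos + 2 > len(data) or pos + 2 + data[pos + 1] > len(data):
            raise ValueError("truncated information element")
        ie_id, body = data[pos], data[pos + 2:pos + 2 + data[pos + 1]]
        if ie_id == 0x01 and body:
            out["report"] = REPORT_TYPE.get(body[0], "unknown")
        elif ie_id == 0x03 and len(body) == 2:
            out["send_seq"], out["recv_seq"] = body[0], body[1]
        pos += 2 + len(body)
    return out


def analyze(log: str) -> list:
    """Return one record per enquiry: was it answered, and what did the switch report."""
    exchanges, cur = [], None
    for line in log.splitlines():
        if m := ENQ.search(line):
            cur = {"myseq": int(m[1]), "yourseen": int(m[2]), "dte": m[3],
                   "answered": False, "report": None, "pvcs": {}, "payload_ok": None}
            exchanges.append(cur)
        elif cur is None:
            continue
        elif m := HEX.search(line):
            p = decode_payload(m[1])
            # The dump must carry the same counters the text line announces.
            cur["payload_ok"] = (p.get("send_seq"), p.get("recv_seq")) == (
                cur["myseq"] & 0xFF, cur["yourseen"] & 0xFF)
        elif m := STATUS.search(line):
            cur["answered"] = int(m[1]) == cur["myseq"]
        elif m := RT.search(line):
            cur["report"] = REPORT_TYPE.get(int(m[1]), "unknown")
        elif m := PVC.search(line):
            code = int(m[2], 16)
            cur["pvcs"][int(m[1])] = PVC_STATUS.get(code, f"other (0x{code:X})")
    return exchanges


def unanswered(exchanges: list) -> list:
    """Enquiries with no matching Status reply: the LMI-mismatch symptom."""
    return [e["myseq"] for e in exchanges if not e["answered"]]


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("unanswered enquiries:", unanswered(result))
    for e in result:
        print(e["myseq"], e["report"], e["pvcs"])
```

Enquiries 1 and 2 in the sample have no reply, which is the local LMI mismatch from Example 8-16; a PVC reported as "deleted" in the last record would point to the reversed-DLCI case instead.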


Now that the DLCI is active, view the LMI statistics, clear the interface counters so that old statistic 
your way later, and ping the other end of the PVC as in Example 8-18.


Example 8-18. Viewing the LMI Statistics 


r1#show frame-relay lmi
LMI Statistics for interface Serial1 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 9675             Num Status msgs Rcvd 9549
  Num Update Status Rcvd 0              Num Status Timeouts 127
r1#
r1#clear counters s1
Clear "show interface" counters on this interface [confirm]
r1#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms


Examples 8-16 and 8-17 illustrate what it is like to have a local LMI mismatch, but how the remote 
PVC can use a different LMI from the local end. You proved that the frame switch can handle multi} 
just in case it is connected to something other than a Cisco device. However, the same data link or 
between the local router and the frame switch must use the same LMI. Use the show frame-relay 
command to find LMI mismatches. When you are sending and not receiving, for instance, it is kind 
talking English and the other person talking French when neither of you happen to be bilingual. We 
increase in status timeouts as highlighted in the preceding example. 


Frame Relay Addressing 


Frame Relay Layer 2 addresses are DLCIs. I mentioned previously that the WAN DLCIs are
analogous to the LAN MACs. ARP is the method I discussed for mapping IP to MAC in the LAN
chapters and RARP is just the opposite of mapping MAC to IP. Frame uses Inverse ARP. Routers
learn remote IP addresses to map to local DLCIs via Inverse ARP or static map statements as
illustrated in Figure 8-9. Use the picture and steps covered in the next section to assist you with
troubleshooting Frame Relay Inverse ARP issues.


Figure 8-9. Inverse ARP

Refer to the five steps that follow in the "Inverse ARP" section.


Inverse ARP 


As you have witnessed in the debug lmi commands, about once a minute or every six
keepalives a router requests a full status response from a Frame Relay network with active
DLCIs. This is the signaling or LMI between the local router and the local Frame Relay switch.
The router then sends an Inverse ARP out on each PVC. The remote routers respond with their
respective IP addresses. The original router then maps the IP addresses to the right DLCIs.
Understanding this is critical to anyone troubleshooting Frame Relay networks. Follow along with
the steps in Figure 8-9:


1. After the Physical Layer is up, the router sends a status inquiry to the local frame switch.
The default keepalive activity between the router and the switch is occurring every 10
seconds. Every sixth poll (60 seconds), the router requests a full status.

2. The local frame switch replies with a status update message to the router every 10 seconds
with a full update including DLCI information every 60 seconds, specifically, every sixth LMI
inquiry.

3. Now that the local router knows about a PVC through an active DLCI, it can send its IP
address to the other end. This is an Inverse ARP packet.

4. The remote router knows which local DLCI it received the address on and sets up a
corresponding map. It is important to note that the local router uses its own DLCI, which
may not be the same as the remote router is using.

5. Keepalive (LMI) activity continues to occur by default every 10 seconds between the router
and the local frame switch with a full status message every 60 seconds. This dynamic
nature ensures that any changes are accounted for as they occur.


NOTE 


Decrease your keepalive activity by one until they stabilize if you are having trouble 
with flapping links. 


See the previous examples for show frame-relay map output, but Examples 8-19 and 8-20
display a couple of debug commands that can help you capture the Inverse ARP activity.


Example 8-19. Inverse ARP and debug frame-relay events 


r1#debug frame-relay events
Frame Relay events debugging is on
r1#configure terminal
r1(config)#interface s1
r1(config-if)#shut
r1(config-if)#no shut
01:48:12: %LINK-3-UPDOWN: Interface Serial1, changed state to up
01:48:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
01:48:22: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed to ACTIVE
01:48:23: Serial1: FR ARP input
01:48:23: datagramstart = 0xE3B384, datagramsize = 30
01:48:23: FR encap = 0x18810300
01:48:23: 80 00 00 00 08 06 00 0F 08 00 02 04 00 08 00 00
01:48:23: C0 A8 05 06 18 C1 00 00 00 00
01:48:23:
r1(config-if)#end
r1#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
r1#undebug all


Example 8-19 shows the Inverse ARP activity when you bring up an interface. Although not 
recommended in a practical environment, compare the previous events received to the debug 
frame-relay packet output in Example 8-20. 


Example 8-20. Inverse ARP and debug frame packet 


r1#debug frame-relay packet
Frame Relay packet debugging is on
r1#configure terminal
r1(config)#interface s1
r1(config-if)#shut
r1(config-if)#no shut
01:49:46: %LINK-3-UPDOWN: Interface Serial1, changed state to up
01:49:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
01:49:56: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 104 state changed to ACTIVE
01:49:56: Serial1(o): dlci 104(0x1881), pkt encaps 0x0300 0x8000 0x0000 0x806
(ARP), datagramsize 30
01:49:56: FR: Sending INARP Request on interface Serial1 dlci 104 for link 7(IP)
01:49:56: broadcast dequeue
01:49:56: Serial1(o):Pkt sent on dlci 104(0x1881),
pkt encaps 0x300 0x8000 0x0 0x806 (ARP), datagramsize 30
01:50:03: Serial1(i): dlci 104(0x1881),
pkt encaps 0x0300 0x8000 0x0000 0x806 (ARP), datagramsize 30
01:50:03: Serial1: frame relay INARP received
01:50:03: FR: Sending INARP Reply on interface Serial1 dlci 104 for link 7(IP)
r1(config-if)#end
r1#ping 192.168.5.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/64 ms
r1#
01:50:37: Serial1(o): dlci 104(0x1881), pkt type 0x800(IP), datagramsize 104
01:50:37: Serial1(i): dlci 104(0x1881), pkt type 0x800, datagramsize 104
01:50:37: Serial1(o): dlci 104(0x1881), pkt type 0x800(IP), datagramsize 104
01:50:38: Serial1(i): dlci 104(0x1881), pkt type 0x800, datagramsize 104
r1#undebug all


The debug frame packet command is excellent for watching Inverse ARP activity and
understanding how it works. On the other hand, like any debug packet command, it is not
very forgiving in a production environment.


As you can see, commands such as show interfaces, show frame-relay lmi, show
frame-relay pvc, show frame-relay map, show frame-relay route, debug frame-relay lmi,
debug frame-relay events, and debug frame packet are quite beneficial in troubleshooting
Frame Relay. How many times have you made a typo on an IP address or DLCI assignment?
Mistakes certainly stand out with these commands, especially if you quickly compare them to
show ip interface brief. So far on the end-user side of the frame you have been using Inverse
ARP for the Layer 2-to-Layer 3 mapping. Now I want to turn your attention to using static maps.


Static Map Statements 


Static map statements in Frame Relay disable Inverse ARP. You can think of this like your
routing protocols having a higher administrative distance than your static routes and the latter
taking precedence. Actually, routing protocols are a good topic to discuss with Frame Relay and I
cover them in the "Shooting Trouble with Frame Relay" section.


NOTE 
Frame Relay is an NBMA technology, so remember to use the broadcast keyword with
static maps so that the Layer 3 routing updates get forwarded. It allows broadcasts
and multicasts over the PVC and in effect turns the broadcast into a unicast to send it
out so that the other side gets the routing updates.


With Inverse ARP, the show frame-relay map command displays not only dynamic for the 
method of learning about the map, but also broadcast. However, this is not the default when you 
define your own static map statements. 


Now I want you to turn off Inverse ARP and use static mappings for your hub-and-spoke
topology from r2 to r1 and r3 as in Example 8-21.


Example 8-21. Static Map Statements 
r1(config)#interface s1
r1(config-if)#frame map ip 192.168.5.6 ?
  <16-1007>  DLCI
r1(config-if)#frame map ip 192.168.5.6 104 ?
  broadcast            Broadcasts should be forwarded to this address
  cisco                Use CISCO Encapsulation
  compress             Enable TCP/IP and RTP/IP header compression
  ietf                 Use RFC1490/RFC2427 Encapsulation
  nocompress           Do not compress TCP/IP headers
  payload-compression  Use payload compression
  rtp                  RTP header compression parameters
  tcp                  TCP header compression parameters
  <cr>
r1(config-if)#frame map ip 192.168.5.6 104 broadcast
r1(config-if)#end
r1#copy running-config startup-config

r3(config)#interface s0/0
r3(config-if)#frame map ip 192.168.5.5 108 broadcast
r3(config-if)#end
r3#copy running-config startup-config


Configuring the static map statements automatically turned off Inverse ARP as Example 8-22 
illustrates. Verify that r3 can ping the address mapped to DLCI 108. 


Example 8-22. Viewing the Static Map Configurations 


r1#show frame-relay map
Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), static,
              broadcast,CISCO, status defined, active

r3#show frame-relay map
Serial0/0 (up): ip 192.168.5.5 dlci 108(0x6C,0x18C0), static,
              broadcast,CISCO, status defined, active
r3#ping 192.168.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms


NOTE 


Inverse ARP is enabled by default, but turned off automatically when you put in a static
map statement. To select Inverse ARP for a particular protocol, use the following
interface configuration command: frame-relay inverse-arp protocol dlci#. This is not
necessary on a point-to-point subinterface.


Other options available when configuring static map statements include compression.
From a support standpoint, what you do on one end had better match what you do on the
other. An example of the command is frame-relay map ip 192.168.5.6 104 broadcast
payload-compress packet-by-packet. Feel free to experiment with compression with Frame
Relay, but remember to remove it from your configurations before you continue on with Frame
Relay at the Physical Layer.


Frame Relay at the Physical Layer 


Although Frame Relay is a Layer 2 technology, it obviously depends on Layer 1, too. How about
things such as clocking, cables, controllers, and channel service units/data service units
(CSUs/DSUs)? These are all things you take for granted, but cannot forget in the support world.
Although in lab scenarios you use back-to-back serial cables with one end wired to be a physical
DTE and the other end to be a physical DCE, this works a little differently in the practical world.


The router may connect directly to the frame switch or to a CSU/DSU that connects to the frame
switch. The CSU/DSU is like a modem in many respects. It converts the V.35 or EIA/TIA-449
signals to the properly coded transmission signal required by the local exchange carrier (LEC)
local circuit. In practical application you receive your clock (timing) from the provider, instead
of using the clock rate statement on your DCE end of the cable.


In this section I concentrate more on supporting the hub-and-spoke topology using subinterfaces
because that is probably the most common application of Frame Relay.


Topologies 


As many design books discuss, there are basically three physical approaches or topologies you 
can adopt in Frame Relay: hub-and-spoke (star), partial mesh, and full mesh (or some hybrid 
thereof). 


Which one you pick really boils down to your redundancy needs and your pocketbook. Scalability,
manageability, and optimization always seem to find their way into the goals of any internetwork
design. Frame Relay is no exception. For example, you normally don't see the maximum number
of DLCIs configured on an individual serial port. Instead 200 to 300 is the normal maximum, and
more like 50 or less is more realistic. Take into consideration things such as what routing
protocols you are using, your router CPU capacity, PVC speeds, the speed of your lines,
compression, your CIR, and bursting capabilities.


A hub-and-spoke topology is normally more economical. Redundant PVCs sound like a good 
thing. However, you pay for each PVC, and although in many cases that is more economical than 
leased lines, you should use the appropriate topology and get the appropriate SLA from the 
provider for your requirements. My focus is really not on design here but rather on supporting 
the different types of Frame Relay interfaces that you may run across in the WAN. 


Interfaces that support Frame Relay are multipoint and non-NBMA by default. As you have 
learned in your routing studies, however, many routing updates are broadcast or multicast in 
nature. If you have multiple neighbors off the same multipoint interface, there is a need for 
routing replication for each PVC. This is a big issue on the WAN with NBMA technologies. 
Therefore it is important for you to get lots of hands-on experience with Frame Relay over both 
multipoint and point-to-point subinterfaces and a variety of routing protocols. 


Subinterfaces 


Point-to-point subinterfaces should be used in the majority of cases regardless of protocol
because packets received on one interface can be forwarded out another. This way, a single
physical interface works like several logical interfaces. I like to think of each point-to-point
subinterface as if it were my own dedicated leased line. Point-to-point subinterfaces require their
own subnet like leased lines, but are not subject to the split-horizon issues of Frame Relay
running on main or multipoint interfaces. Point-to-point interfaces don't need map statements.
Instead interface DLCIs are assigned, because each subinterface is a separate PVC.


Multipoint subinterfaces do not resolve split-horizon issues, but they can save IP address space 
because a single subnet is used. They are more applicable to mesh topologies, whereas point-to- 
point subinterfaces are more applicable to hub-and-spoke topologies. 


Define a subinterface in interface configuration mode using the following example: interface
serial0.1 [multipoint | point-to-point]. The shortcut interface s0.1 p creates a point-to-point
subinterface for s0. The shortcut interface s0.1 m creates a multipoint subinterface for
s0. The documentation for 12.1 code and later states that there is no default as far as multipoint
or point-to-point. However, a serial physical interface is in fact multipoint for Frame Relay.


It is time for some more practical application of all this. I want you to configure subinterfaces to
shoot some trouble for yourself. Then I will review some common issues with routing protocols
over Frame Relay, particularly regarding its NBMA nature. Use the same routers you have been
working with in the chapter scenarios thus far. Configure r3 as the frame switch and the rest of
the routers in a hub-and-spoke topology using r1 as the hub at the HQ site. HQ should be able to
communicate with all remote locations using Frame Relay multipoint subinterfaces. All remote
locations (DC and VA) should be able to communicate with HQ using multipoint subinterfaces
over network 192.168.8.0/24. The service provider provides all clocking. Use r2 and r4 as the
spokes or the remote locations. Draw a diagram as in Figure 8-10 for your lab and use it to
shoot any troubles as you go along.


Figure 8-10. Multipoint Subinterface 


First, rewire according to the multipoint subinterfaces scenario in Figure 8-10. Then configure
the frame switch, and then the hub (HQ) and spokes (DC and VA). Compare your results to the
examples starting in Example 8-23.


NOTE 

Make sure you put descriptions on your interfaces and passwords on your devices to
enable telnet access. Using the logging synchronous command is a good practice,
too. I saved you a few steps by eliminating these from some of the previous
configurations just because this is a lab. However, bad habits are hard to break.
Always do this in a practical environment to assist you with troubleshooting. I saved
my configuration to a file named r3 as frame switch for multipoint scenario if you prefer
to paste it into r1's configuration mode instead of typing.


Example 8-23. Frame Switch Configuration 


Router(config)#hostname frame-switch
frame-switch(config)#frame-relay switching
frame-switch(config)#interface s0/0
frame-switch(config-if)#description r3s0/0 to HQ
frame-switch(config-if)#bandwidth 64
frame-switch(config-if)#clock rate 64000
frame-switch(config-if)#encap frame
frame-switch(config-if)#frame-relay intf-type dce
frame-switch(config-if)#frame route 102 interface s0/1 101
frame-switch(config-if)#frame route 104 interface s0/2 101
frame-switch(config-if)#no shut
frame-switch(config-if)#interface s0/1
frame-switch(config-if)#description r3s0/1 to DC
frame-switch(config-if)#bandwidth 64
frame-switch(config-if)#clock rate 64000
frame-switch(config-if)#encap frame
frame-switch(config-if)#frame-relay intf-type dce
frame-switch(config-if)#frame route 101 interface s0/0 102
frame-switch(config-if)#no shut
frame-switch(config-if)#interface s0/2
frame-switch(config-if)#description r3s0/2 to VA
frame-switch(config-if)#bandwidth 64
frame-switch(config-if)#clock rate 64000
frame-switch(config-if)#encap frame
frame-switch(config-if)#frame-relay intf-type dce
frame-switch(config-if)#frame route 101 interface s0/0 104
frame-switch(config-if)#no shut
frame-switch(config-if)#exit
frame-switch(config)#line console 0
frame-switch(config-line)#logging synchronous
frame-switch(config-line)#exit
frame-switch(config)#enable secret donna
frame-switch(config)#line vty 0 4
frame-switch(config-line)#password donna
frame-switch(config-line)#end
frame-switch#copy running-config startup-config


The frame switch configuration is familiar to you by now, although you could have accidentally
configured r2 rather than r3 or run into Physical Layer issues. This frame switch implementation
is more practical than what you worked with earlier in the sense that the physical DCE ends of
the cable connect you to the service provider. Verify that you set it up properly with the show
frame-relay route command as in Example 8-24.


Example 8-24. Verifying the New Frame Switch Configuration 


frame-switch#show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/0       102             Serial0/1       101             inactive
Serial0/0       104             Serial0/2       101             inactive
Serial0/1       101             Serial0/0       102             inactive
Serial0/2       101             Serial0/0       104             inactive


The input interface/dlci columns show the interface and DLCI number the packets come in on
and the output interface/dlci columns show the interface and DLCI number the packets leave on.
The PVC status is inactive at the present time because you have not configured the other ends.


Next configure the hub router using a multipoint subinterface as in Figure 8-10 and Example
8-25. My file is named r1 multipoint hub config if you would rather just copy and paste.


Example 8-25. Configuring the Hub Router for Multipoint Subinterfaces 


Router(config)#hostname r1
r1(config)#interface s0
r1(config-if)#encap frame
r1(config-if)#interface s0.100
% Incomplete command.
r1(config)#interface s0.100 multipoint
r1(config-subif)#ip address 192.168.8.1 255.255.255.0
r1(config-subif)#bandwidth 64
r1(config-subif)#frame-relay map ip 192.168.8.2 102 broadcast
r1(config-subif)#frame-relay map ip 192.168.8.4 104 broadcast
r1(config-subif)#no shut
r1(config)#line console 0
r1(config-line)#logging synchronous
r1(config-line)#exit
r1(config)#enable secret donna
r1(config)#line vty 0 4
r1(config-line)#password donna
r1(config-line)#end
r1#copy running-config startup-config


Finally, configure the spoke routers using multipoint subinterfaces, too, as in Example 8-26. At 
this time do not use mapping statements for r2 and r4. Once again, you can copy and paste if 
you prefer. 


Example 8-26. Configuring the Spoke Routers with Multipoint 
Subinterfaces 


Router(config)#hostname r2
r2(config)#interface s0
r2(config-if)#encap frame
r2(config-if)#interface s0.101 m
r2(config-subif)#bandwidth 64
r2(config-subif)#ip address 192.168.8.2 255.255.255.0
r2(config-subif)#no shut
r2(config-subif)#exit
r2(config)#line console 0
r2(config-line)#logging synchronous
r2(config-line)#exit
r2(config)#enable secret donna
r2(config)#line vty 0 4
r2(config-line)#password donna
r2(config-line)#end
r2#copy running-config startup-config

Router(config)#hostname r4
r4(config)#interface s0/0
r4(config-if)#encap frame
r4(config-if)#interface s0/0.101 m
r4(config-subif)#bandwidth 64
r4(config-subif)#ip address 192.168.8.4 255.255.255.0
r4(config-subif)#no shut
r4(config-subif)#exit
r4(config)#line console 0
r4(config-line)#logging synchronous
r4(config-line)#exit
r4(config)#enable secret donna
r4(config)#line vty 0 4
r4(config-line)#password donna
r4(config-line)#end
r4#copy running-config startup-config


Verify connectivity. Check your interfaces, LMI, PVCs, and so on starting in Example 8-27. 


Example 8-27. Verifying Multipoint Subinterface Configurations 


r1#show ip interface brief
Interface       IP-Address      OK? Method Status                Protocol
Ethernet0       unassigned      YES unset  administratively down down
Ethernet1       unassigned      YES unset  administratively down down
Serial0         unassigned      YES unset  administratively down down
Serial0.100     192.168.8.1     YES manual down                  down
Serial1         unassigned      YES unset  administratively down down


You may have forgotten to bring up all your interfaces as I did in my copy-and-paste file, but show
ip interface brief clearly shows you administratively down. Fix the r1 interface issues as in
Example 8-28.


Example 8-28. Bringing Up the Main Serial0 Interface


r1(config)#interface s0
r1(config-if)#no shut
00:54:16: %LINK-3-UPDOWN: Interface Serial0, changed state to up
00:54:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.100,
    changed state to up
00:54:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.100,
    changed state to down
00:54:26: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 102 state changed to ACTIV
00:54:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.100,
    changed state to up
00:54:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
    changed state to up
00:54:27: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 104 state changed to ACTIVE
00:54:36: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 104 state changed to
    INACTIVE
r1(config-if)#end


DLCI 104 appears to be bouncing between active and inactive. The "no shut" of the physical
interface caused all subinterfaces to be optimistically "up" until the actual IOS verification
method (LMI) deemed it not so. The default time and date stamps certainly aren't as useful as
with the service timestamps [debug | log] datetime localtime msec commands, which would
be helpful for troubleshooting other issues. Add those commands and set the clock for all your
hub-and-spoke boxes at this time.


Configure and troubleshoot the rest of your routers until they are configured like Figure 8-10. 
Ensure HQ can ping DC and VA. Continue your Frame Relay testing as in Example 8-29. 


Example 8-29. Verifying the Frame Relay Multipoint Subinterface 
Scenario on rl 


r1#show frame-relay map
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, active
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, active
r1#ping 192.168.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
r1#ping 192.168.8.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.4, timeout is 2 seconds:
Success rate is 0 percent (0/5)


The show frame-relay map output illustrates how DLCI 102 can get to 192.168.8.2 (DC) and
how DLCI 104 can get to 192.168.8.4 (VA). The PVCs are active, yet the pings are not
successful. Help me determine the problem in Example 8-30.


Example 8-30. Verifying the Frame Relay Multipoint Subinterface 
Scenario on r2 and r4 


r2#show frame-relay map
r2#
r2#clear frame-relay-inarp

r4#show frame-relay map
Serial0/0 (up): ip 0.0.0.0 dlci 101(0x65,0x1850)
              broadcast,
              CISCO, status defined, active
r4#clear frame-relay-inarp
r4#show frame-relay map
Serial0/0 (up): ip 0.0.0.0 dlci 101(0x65,0x1850)
              broadcast,
              CISCO, status defined, active


You just never know what to expect when you are troubleshooting. r2 shows nothing in its
Inverse ARP table, and r4 has a 0.0.0.0 mapping that does not belong there. You tried clearing
the Inverse ARP table, which did not seem to make a difference. The 0.0.0.0 is not a default
route, but the IOS's way of saying an Inverse ARP message has not been received from the
neighbor at the other end of the PVC. That's why the ping failed: it made it fine from r1 to r4,
but r4 couldn't send the reply because the map was incomplete (encapsulation failed). The other
end already sent its Inverse ARP message well before the r4 end was active. After r1 sent an
Inverse ARP message, r4 could complete the map. DC and VA need directions on how to get to
HQ. You should configure map statements like you did for r1 on r2 and r4. Verify that it works in
Example 8-31.


Example 8-31. Configuring Static Maps on r2 and r4 


r2(config)#interface s0.101
r2(config-subif)#frame-relay map ip 192.168.8.1 101

r4(config)#interface s0/0.101
r4(config-subif)#frame-relay map ip 192.168.8.1 101

!!!HQ to DC
r1#ping 192.168.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
!!!HQ to VA
r1#ping 192.168.8.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
!!!DC to HQ
r2#ping 192.168.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
!!!VA to HQ
r4#ping 192.168.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms


This scenario does offer you a learning opportunity. The 0.0.0.0 route was stuck in the mapping 
somehow, and you had to reload the routers (at least the router with the 0.0.0.0 mapping) to 
get rid of it. In looking back, you could have changed the encapsulation back to HDLC and then 
reconfigured Frame Relay. Perhaps that would have been a better thing to try instead of a reload 
if multiple people were affected. 


For the experience, verify this multipoint scenario further using all the Frame Relay commands 
discussed so far. Ultimately, HQ should be able to communicate with DC and VA and vice versa 
as was proved back in Example 8-31. However, DC should not be able to ping VA in this scenario 
because there is nothing in the Inverse ARP table to allow it to do so. This would require static 
maps like you did back in Exercise 8-12 when you wanted to ping yourself using multipoint 
interfaces in Frame Relay. 


A good practical application of a multipoint subinterface configuration is when you are migrating
from main interfaces to point-to-point subinterfaces. When doing so, take the lowest CIR times
the number of PVCs to get a good bandwidth for each multipoint PVC. Point-to-point
subinterfaces are by far more common in the real world, and you will work with them in Trouble
Tickets.


NOTE 


The frame-relay interface-dlci dlci# command is typically used with point-to-point
subinterfaces. Multipoint communications make use of Inverse ARP or static mappings.


Shooting Trouble with Frame Relay 


In this section I want to reinforce the general things to look for when shooting Frame Relay
troubles. Also, I want to cover a little more detail on shooting trouble with running routing
protocols over Frame Relay, and then discuss loopback testing.


The first question to ask yourself with Frame Relay is whether it ever worked. You are obviously
going beyond the control you had in the LAN and into the service provider cloud. However, you
must still continue your layered approach to troubleshooting. Although Frame Relay is a Layer 2
technology, it does not work across a broken physical link. If these lower layers are broken, you
are wasting your time troubleshooting the upper layers.


The commands show ip interface brief, show interface s0, show controllers s 0, as well as
link lights are all invaluable Physical Layer tools. Interface resets are a good indication of queued
packets that have not been transmitted, hardware problems, or clocking signals. Other error
counts, such as packets input and output and carrier transitions beyond your baseline, are
worthwhile to analyze. Move up the stack to check the encapsulation or frame type. Are you
communicating with the frame switch? Remember that the LMI type, whether it be Cisco, ANSI,
or Q933A, must match with the local switch port. Look at the keepalive activity between the local
router and the frame switch with show frame-relay lmi. Clear the interface counters and watch
the Num Status Enq Sent and the Num Status Msgs Rcvd. They should be about the same. Num
Status Timeouts tracks how many times the status message was not received within the
keepalive window. Perhaps there is an LMI autosensing issue. The service provider provides the
DLCIs so that they can do the appropriate mapping to get you to your destination. However,
they are not mistake-proof. Maybe the DLCIs are reversed; review the Inverse ARP table with
show frame-relay map.


NOTE 


All unassigned DLCIs reported by the frame switch via LMI are assigned to the main 
physical interface as multipoint. Because providers make mistakes, and Inverse ARP 
and CDP are enabled by default, this may cause a security concern. Check show 
frame-relay map frequently for the appearance of unknown DLCIs.
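
One way to automate the check in the NOTE above, as an added example (not code from the book or from Cisco): a Python script that parses show frame-relay map output in the format shown in Examples 8-29 and 8-30 and compares it with a baseline of provisioned PVCs. The sample output, the DLCI 200 entry, the baseline, and the finding codes are constructed for illustration, and the script assumes a site that uses static maps on subinterfaces, as in the multipoint scenario.

```python
import re

# Constructed sample modeled on the `show frame-relay map` output in this chapter.
# The DLCI 200 entry and its 192.0.2.77 address are invented for the example.
SAMPLE_OUTPUT = """\
r1#show frame-relay map
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, active
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, active
Serial0 (up): ip 0.0.0.0 dlci 101(0x65,0x1850)
              broadcast,
              CISCO, status defined, active
Serial0 (up): ip 192.0.2.77 dlci 200(0xC8,0x3080), dynamic,
              broadcast,, status defined, active
"""

# Assumed baseline: the PVCs you provisioned, keyed by (interface, DLCI).
BASELINE = {
    ("Serial0.100", 102): "192.168.8.2",
    ("Serial0.100", 104): "192.168.8.4",
}

ENTRY_START = re.compile(r"^\S+\s*\([^)]*\):")
ENTRY = re.compile(
    r"^(?P<intf>\S+)\s*\([^)]*\):\s+ip\s+(?P<ip>[\d.]+)\s+"
    r"dlci\s+(?P<dlci>\d+)\s*\([^)]*\)(?P<rest>.*)$"
)


def parse_map(text):
    """Return one dict per map entry, joining the wrapped continuation lines."""
    chunks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line.split()[0]:
            continue  # blank line or a router prompt such as r1#show ...
        if ENTRY_START.match(line):
            chunks.append(line)          # first line of a new entry
        elif chunks:
            chunks[-1] += " " + line     # wrapped remainder of the entry
    entries = []
    for chunk in chunks:
        m = ENTRY.match(chunk)
        if not m:
            continue
        flags = {f.strip().lower() for f in m["rest"].split(",") if f.strip()}
        entries.append({"intf": m["intf"], "ip": m["ip"],
                        "dlci": int(m["dlci"]), "flags": flags})
    return entries


def audit(entries, baseline):
    """Return (interface, dlci, code) findings for deviations from the baseline."""
    findings = []
    for e in entries:
        key = (e["intf"], e["dlci"])
        if key not in baseline:
            findings.append((*key, "unknown-dlci"))       # PVC nobody ordered
        elif baseline[key] != e["ip"]:
            findings.append((*key, "ip-mismatch"))        # wrong Layer 3 peer
        if e["ip"] == "0.0.0.0":
            findings.append((*key, "incomplete-map"))     # no Inverse ARP answer yet
        if "dynamic" in e["flags"]:
            findings.append((*key, "dynamic"))            # learned by Inverse ARP
        if "." not in e["intf"]:
            findings.append((*key, "physical-interface")) # landed on the main interface
    seen = {(e["intf"], e["dlci"]) for e in entries}
    for key in sorted(baseline.keys() - seen):
        findings.append((*key, "missing-pvc"))            # provisioned but absent
    return findings


if __name__ == "__main__":
    for intf, dlci, code in audit(parse_map(SAMPLE_OUTPUT), BASELINE):
        print(f"{intf} dlci {dlci}: {code}")
```

Run it against output collected on a schedule; an empty findings list means the map matches what was provisioned.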


Use show frame-relay lmi and debug frame-relay lmi like you did back in Examples 8-13
through 8-15 to see whether the router and switch are talking. This debug command does not
have as much of an impact on router operations as most debug commands because the output is
minimal. It does a great job of showing the LMI exchange for router-to-switch inquiries and
switch-to-router reply status messages. The (out) StEnq is the LMI status inquiry sent by the
router, and (in) Status is the reply from the frame switch. A full LMI message contains PVC data
including DLCI, status, and CIR.


Use the following commands with a little more caution: 


• debug frame-relay events to show counts of packets received on interface
• debug frame-relay packet to see the packets sent out a Frame Relay interface


Possible packet types include 0x308, which is a signaling message for DLCI 0, and 0x309, which
is an LMI message valid with a DLCI of 1023.


Issue a debug serial interface command early on to see the keepalive activity. Change the 
encapsulation to HDLC to see the keepalive traffic, because if LMI is down for Frame Relay the 
frame interface will not be able to generate keepalives. It only takes three missed keepalives in a 
row to take the line down. You'll look at HDLC a little closer in the next chapter, but the point 
here is that only Cisco HDLC encapsulation supports detection of a looped Layer 1 and still keeps 
the line protocol up so that you may send test traffic. 


Keepalives in the WAN world are truly between you and the service provider, not just your own 
interface. You look at these more in the next WAN chapter. For example: 

• Mineseq is the keepalive sent by the local side.
• Yourseen is the keepalive sent by the remote side.
• Mineseen is the local keepalive seen by the remote side.


NOTE 


Always remember to turn off all debug processing when finished testing. Remember, u 
all is short for undebug all or no debug all. 


Perhaps the issue is not with configuration at all but with performance. Take a look at the output
of show frame-relay traffic in Example 8-32.


Example 8-32. show frame-relay traffic 


r1#show frame-relay traffic
Frame Relay statistics:
    ARP requests sent 0, ARP replies sent 0
    ARP request recvd 0, ARP replies recvd


Any way you look at it, if the frame switch runs out of buffers it looks at the DE packets to see 
what it can discard. In general you can help with performance issues out of the router with 
priority queuing. Frame Relay traffic shaping assists with switch congestion. Relate this back to 
the Chapter 3, "Shooting Trouble with IP," subnetting analogy with the congestion of the cars
crossing the Chesapeake Bay Bridge. The Mass Transit Authority (MTA) borrows lanes as 
appropriate to facilitate roadwork and east-bound and west-bound access. However, the 
improved EZPass system dedicates one or more lanes to local commuters. 


Numerous issues relate to routing protocols, mostly broadcast or multicast in nature. Yet Frame
Relay is NBMA. This creates some interesting results and is actually another book in itself.
Throughout this book, I have you experiment with some of the more common issues with routing
protocols. The next section speaks to running those routing protocols over the Frame Relay data
link.


NOTE 


Other routing reference material from Cisco Press you can read includes Henry
Benjamin's CCNP Practical Studies: Routing; Troubleshooting IP Routing Protocols
(Shamim, Aziz, Liu, Martey); and Jeff Doyle's Routing TCP/IP, Volumes I and II (Cisco
Press). Another excellent book is Advanced IP Routing in Cisco Networks (McGraw-Hill
Osborne) by Terry Slattery and Bill Burton.


Frame Relay and Routing Protocols 


Routing protocols such as Open Shortest Path First (OSPF), Extended Interior Gateway Routing
Protocol (EIGRP), Intermediate System-to-Intermediate System (IS-IS), and Border Gateway
Protocol (BGP) all run over Frame Relay. Cisco's implementation of Frame Relay supports
various Layer 3 routed protocols including IP, DECnet, AppleTalk, Xerox Network Systems
(XNS), Internetwork Packet Exchange (IPX), Connectionless Network Service (CLNS), and so on.
Whether Frame Relay or another WAN transport, if there are traffic issues or memory issues due
to large routing tables, first make sure you have properly summarized according to the routing
protocol rules. Unfortunately, the summarization commands are slightly different for each and
every routing protocol. As I have alluded to in this chapter, with Frame Relay reachability issues
exist when using multiple PVCs over a single interface. Depending on the topology, split horizon
may be doing its job of reducing routing loops but causing other problems because of the NBMA
nature of Frame Relay.


For example, IP split horizon is disabled by default on Frame Relay interfaces. However, this 
creates a problem with protocols such as IPX and AppleTalk because they rely on split horizon to
work properly. To make a long story short, regardless of protocol the workaround is 
subinterfaces. Subinterfaces resolve many upper-layer routing issues. Multipoint and point-to- 
point subinterfaces were discussed back in the "Frame Relay at the Physical Layer" section. 


Now I'll review EIGRP, then OSPF, then IS-IS, and finally BGP because they are all very common 
in the real world today. My goal is just to quickly review some of the common commands to help 
you recognize some of the issues of running these routing protocols over Frame Relay to prepare 
you for the Trouble Tickets and practical application. Refer back to the general discussion of IP 
routing protocols back in Chapter 3. 


EIGRP over Frame Relay 


EIGRP, encapsulated in the IP header as protocol number 88, works well in the LAN and the
WAN. However, the topology type has an impact on neighbor adjacencies across the WAN.
EIGRP operates over multicast address 224.0.0.10, but Frame Relay is an NBMA technology by
default. Nonbroadcast means no multicast either.


The big issues to review with EIGRP over Frame Relay include how EIGRP uses the bandwidth. It
is crucial that you configure your bandwidth statements, because by default EIGRP can use up to
half of the bandwidth. If you don't configure the bandwidth and you allow EIGRP to use 50
percent of the default 1.544 Mbps for a serial link when you really only have a 56 kbps or 64
kbps link to begin with, and you have a big topology table, and routes start flapping, you
probably won't be too happy with EIGRP. You are already familiar with the bandwidth statement,
but you can configure the percentage of bandwidth that EIGRP is allowed to use using the ip
bandwidth-percent eigrp as-number percent command. For example, ip bandwidth-percent
eigrp 100 200 allows EIGRP autonomous system 100 to utilize 200 percent of the configured
bandwidth. So if the bandwidth is configured to 25 kbps, EIGRP would be allowed to use up to
50 kbps. Obviously you need to make sure the line is provisioned appropriately. On the other
hand, you may want to lessen the percent number so that the routing updates are not
consuming all of your bandwidth.


Speaking of provisioning bandwidth for the WAN, the best practice is to configure the bandwidth 
to be the CIR of the PVC—unless, of course, you have a 0 CIR; but I guess you wouldn't have 
anything to complain about if that were the case. That method works just fine for point-to-point 
PVCs, but for multipoint, EIGRP uses the bandwidth on the main interface divided by the number 
of neighbors to get the neighbor bandwidth. In effect there is a single entry point with multiple 
exit points so that the bandwidth is equally shared. If there are varying CIRs, it is a better 
practice to convert to point-to-point subinterfaces. As a workaround, you can manually configure 
the bandwidth by taking the lowest CIR and multiplying by the number of PVCs. Be careful not to 
oversubscribe yourself. Adjust the EIGRP bandwidth percent so that you have about a 1:1 ratio 
for the amount of bandwidth that EIGRP can use. 
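
The multipoint bandwidth arithmetic above, worked as an added Python example (not from the book). The function names, DLCI numbers and CIR values are constructed for illustration; the divide-by-neighbors rule, the 50 percent default and the lowest-CIR workaround are the ones described in the text.

```python
def eigrp_multipoint_audit(cirs_kbps, bandwidth_kbps=1544, percent=50):
    """Compare what EIGRP may send per neighbor with each PVC's CIR.

    cirs_kbps      -- {dlci: cir_in_kbps} for the PVCs on one multipoint interface
    bandwidth_kbps -- value of the bandwidth statement (1544 is the serial default)
    percent        -- value of ip bandwidth-percent eigrp (50 is the default)
    """
    if not cirs_kbps:
        raise ValueError("need at least one PVC")
    # On a multipoint interface EIGRP splits the interface bandwidth evenly
    # across its neighbors, then applies the bandwidth percentage.
    per_neighbor = bandwidth_kbps / len(cirs_kbps)
    eigrp_share = per_neighbor * percent / 100
    return {
        "per_neighbor_kbps": per_neighbor,
        "eigrp_per_neighbor_kbps": eigrp_share,
        # PVCs on which EIGRP alone could exceed the committed rate
        "pvcs_over_cir": [d for d, cir in cirs_kbps.items() if eigrp_share > cir],
        # Varying CIRs are the case where point-to-point subinterfaces fit better
        "mixed_cirs": len(set(cirs_kbps.values())) > 1,
    }


def workaround_bandwidth(cirs_kbps):
    """Lowest CIR multiplied by the number of PVCs, as in the workaround above."""
    return min(cirs_kbps.values()) * len(cirs_kbps)


if __name__ == "__main__":
    pvcs = {102: 56, 104: 64}          # constructed CIRs in kbps
    print("default bandwidth:", eigrp_multipoint_audit(pvcs))
    bw = workaround_bandwidth(pvcs)
    print("bandwidth", bw, ":", eigrp_multipoint_audit(pvcs, bandwidth_kbps=bw))
```

With the bandwidth statement left at its default, EIGRP's per-neighbor allowance is several times either CIR; with the workaround value it falls under both.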


Another big issue with EIGRP on the WAN in general is making sure you limit the need to know 
through summarization, outbound route filters, and distribute lists so as not to end up with Stuck in 
Active (SIA) routes. If a router cannot answer a query because it is too busy or has memory 
problems, that is one problem, but if the WAN circuit is down or only works in one direction, 
some packets may be lost. Although not required, a hierarchical design model increases EIGRP's 
scalability on the WAN. 


NOTE 


Just a word of caution, EIGRP can form one-way neighbor relationships, but OSPF 
can't. 


You will configure EIGRP in the Trouble Tickets. For now, however, the discussion turns to OSPF 
over Frame Relay. 


OSPF over Frame Relay 


OSPF works over nearly every data link out there, including Frame Relay. Like EIGRP, the 
topology type has a big impact on how adjacencies are created. OSPF is encapsulated in the IP 
header as protocol number 89. Keep in mind that OSPF works over multicast addresses 
224.0.0.5 and 224.0.0.6, but by default Frame Relay as well as ATM and X.25 are NBMA 
data-link technologies. In OSPF, if you don't have any neighbors you obviously don't have link-state 
advertisements (LSAs) in the link-state database or any OSPF-learned routes in the routing 
table. 


OSPF considers Frame Relay NBMA to be like any other broadcast media for its data-link 
transport. The default hello interval is 30 seconds, and the default dead interval is 120 seconds. 


As you can review in Table 8-3, there are two RFC-compliant modes and three additional modes 
from Cisco to control how OSPF operates over NBMA. This is not just another table to memorize. 
These modes really determine how the hello protocol and flooding work. Remember that OSPF 
uses multicast. The big issue with OSPF over an NBMA topology is that the designated router 
(DR) and backup designated router (BDR) need a list of all other routers to establish 
adjacencies. 


Table 8-3. OSPF over NBMA Modes 


Mode                              Topology                      Addressing        Adjacency 

RFC 
NBMA                              Full mesh                     One subnet        [*] Manual configuration; DR/BDR 
Point-to-multipoint               Partial mesh, hub-and-spoke   One subnet        Automatic configuration; no DR/BDR 

Cisco 
Broadcast                         Full mesh                     One subnet        Automatic configuration; DR/BDR 
Point-to-multipoint nonbroadcast  Partial mesh, hub-and-spoke   One subnet        [*] Manual configuration; no DR/BDR 
Point-to-point                    Partial mesh, hub-and-spoke,  Multiple subnets  Automatic; no DR/BDR 
                                  using subinterfaces 


[*] It is good practice to configure neighbor statements on both ends although it may work with one. You can 
further control OSPF on a neighbor-by-neighbor basis using the [priority], [poll-interval], and [cost] 
options. 


Rather than the default NBMA multipoint connectivity, Frame Relay more commonly operates in 
a hub-and-spoke topology. Other topologies include partial and full mesh. 


NOTE 


For the modes in Table 8-3 that do elect DR/BDR, it is important for the routers elected 
to have a direct connection (PVC) to each of the other routers. 


Configure the OSPF network modes using the ip ospf network interface configuration 
command. Interfaces and multipoint subinterfaces default to NBMA. Other interfaces can be set 
to the RFC-compliant NBMA mode using the ip ospf network non-broadcast command. 
Nothing defaults to the RFC point-to-multipoint mode, but the command to set it is ip ospf 
network point-to-multipoint [non-broadcast]. The [non-broadcast] option is for the 
Cisco-defined mode. The other Cisco modes are set using ip ospf network broadcast and ip ospf 
network point-to-point. Broadcast mode acts like Ethernet, Token Ring, or FDDI, and 
point-to-point is the default for point-to-point subinterfaces. So to summarize, either use frame map 
with the broadcast parameter, subinterfaces as point-to-point links, or OSPF neighbor 
statements. 


Refer back to these commands later as you work through the rest of this book. For now move on 
to IS-IS over Frame Relay. 


IS-IS over Frame Relay 


Integrated Intermediate System-to-Intermediate System (IS-IS) is more often used in the 
service provider world, as is BGP. However, IS-IS is an IGP and BGP is an Exterior Gateway 
Protocol (EGP). IS-IS was developed by ISO to support OSI protocols (especially CLNS and CLNP) 
and later extended to support IP. IS-IS is not carried in an IP packet but rather encapsulated 
directly into Layer 2. However, it is more like OSPF than other routing protocols. 


Similarities include the following: 


• Both are link-state routing protocols that use the SPF/Dijkstra algorithm. 
• Both use hello packets to form neighbor adjacencies. 
• Areas form a built-in two-level hierarchy. 
• Both are classless routing protocols (support variable-length subnet masking [VLSM]). 
• Both support authentication. 
• Both use the concept of a DR. (IS-IS calls this the DIS.) 


Cisco routers can operate as Level 1 (L1), Level 2 (L2), or L1/L2 routers. L1s are similar to OSPF 
internal routers and hold a copy of the link-state database for the local area. L2s are similar to 
OSPF Area Border Routers (ABRs). They interconnect areas and store interarea information, both 
local links and information about remote areas. L1/L2 routers are similar to OSPF backbone 
routers. There are separate adjacencies for L1 and L2. However, adjacencies occur with all 
routers, not just with the DR like in OSPF. 


Although OSPF and IS-IS are quite similar, a couple of things set IS-IS ahead for very large 
networks. For example, there is not as much confusion over the network types; IS-IS networks 
are either broadcast or point-to-point. With the IS-IS L1, L2, L1/L2 design, there are fewer 
link-state packets to process, so it is less processor intensive, too. In OSPF, the MAXAGE of an LSA 
starts at 0 and counts upward to a fixed value. In practice, this means the lifetime of an LSA is 
two hours, after which it must be refreshed and flooded across the entire area. Obviously, this 
causes excessive traffic in the core. If in fact you have only one huge OSPF area, every single 
LSA will need to be refreshed at least once every two hours. Worse yet, if a router misses one of 
the refreshed LSAs, there is no longer a route. LSA MAXAGE is hard coded into the protocol for 
OSPF. However, IS-IS counts its equivalent to MAXAGE in reverse. It starts at a number that the 
user defines and counts down to 0. By increasing this refresh interval, you eliminate a lot of the 
overhead of the protocol. Many service provider networks set the refresh interval to the 
maximum and run IS-IS with thousands of routers in a single level with no ill effects. 


IS-IS is a viable OSPF alternative. A network service access point (NSAP) is the location where 
OSI network services are provided to the Transport Layer. All routers in the same area must use 
the same area address. Rather than the router ID that OSPF uses, IS-IS uses the OSI NSAP 
address. The NSAP structure includes the area identifier; the system ID/MAC; and the selector 
(00). The area identifier loosely equates to the network. The system ID/MAC identifies an 
individual device. You can think of the Selector byte kind of like an IP port. L1 and L2 routing are 
based on a unique system ID. Typically the system ID is the MAC address in the CLNS world and 
the IP address in the IP world. 


When troubleshooting IS-IS over Frame Relay in particular, remember that it does not have 
parameters like the ip ospf network command. Commands such as show isis topology, show 
clns route, show isis route, which route, show clns neighbor, show isis database, clear 
isis *, show frame-relay map, and debug isis adj packet are quite helpful in supporting 
IS-IS. 


As far as Frame Relay is concerned, do not configure ip router isis on the main interface 
because IS-IS will treat it like a broadcast network and adjacency will not occur. You must have 
full-mesh PVCs to implement IS-IS in a point-to-multipoint environment. Just as with OSPF over 
hub-and-spoke Frame Relay where the DR needs to be the hub router, this is true with IS-IS, 
too. The DR in IS-IS is called the DIS. 


BGP, like IS-IS, really doesn't have as many Frame Relay-specific issues but is something you 
may need to support. If you are interested in more detail in the BGP area, look at Internet 
Routing Architectures by Sam Halabi (Cisco Press) and Routing TCP/IP, Volume II, by Jeff Doyle 
and Jennifer DeHaven Carroll (Cisco Press). 


BGP over Frame Relay 


BGP is a loop-free Application Layer connection-oriented reliable EGP that runs over TCP port 
179. Instead of a single metric, there are a series of attributes. BGP runs as EBGP between 
autonomous systems and as IBGP within an autonomous system. 


BGP runs over various data links including Frame Relay. Unlike the other routing protocols, it is 
encapsulated within TCP. Some of the specific issues with BGP over Frame Relay include the use 
of the ebgp-multihop command when Exterior Border Gateway Protocol (EBGP) neighbors are 
not directly connected. Also, when using a loopback in the neighbor statement, use neighbor 
ip-address update-source loopback loopback#. Network statements don't initialize anything 
like an IGP; they are what you advertise. 


Although not just related to Frame Relay, next-hop-self and synchronization are two commonly 
misunderstood topics when deploying IBGP. IP carries traffic, but BGP carries routes—and there 
is no way you want BGP to advertise a bad route. BGP bad routes induce autonomous system 
inconsistencies and black holes into your network. 


The synchronization rule says not to use (or advertise to an external neighbor) a route learned 
via Interior Border Gateway Protocol (IBGP) until a matching route has been learned from an 
Interior Gateway Protocol (IGP). Hence, BGP must wait until the IGP propagates routing 
information across the autonomous system, which causes BGP to be synchronized with the IGP. 
Only then are routes added to the IP routing table. It is practical to turn off synchronization 
when all routers within an autonomous system are running full-mesh IBGP, which is designed to 
propagate routes within an autonomous system to another autonomous system when another 
IGP is not being used. 


You can relate synchronization on (the default) to being an apprentice at something. For 
example, I am always learning or teaching new topics. When I teach a class for the first time, it 
is helpful to have someone confirm what I am talking about or check my work. When I have 
some experience teaching a topic, however, I no longer need someone to confirm what I already 
know; this is the stage similar to when you would turn synchronization off in BGP. 


In Figure 8-11 both r1 and r2 should have no synchronization in their router configurations. 


Figure 8-11. BGP Next-Hop-Self and Synchronization 


[Figure: diagram labeled AS 65500 and AS 65530, showing r1 (no synch, neigh r2ipaddress 
next-hop-self), a second router marked no synch, the core, and PVC2. Annotations: "r1 tells r2 
next hop is r3 and r2 can't get there. With next-hop-self r1 says, 'Hey neighbor r2 use me to 
get to another autonomous system.'"] 


Figure 8-11 also illustrates the next-hop-self concept. r1 has both EBGP and IBGP neighbors. 
When r1 passes along an externally learned route to its internal neighbor r2, it offers r2 the 
convenience of going through r1 to get to the external system. The command is always 
configured on the router with an interface in EBGP and IBGP, and in Figure 8-11 that is r1. This 
command (neighbor r2ipaddress next-hop-self) does not replace the neighbor statement; it is 
an additional statement. 


Remember BGP is an EGP and every change you make affects not only you but also your peers. 
With any BGP changes, you normally need to reset the neighbor. Although fine in a lab 
environment, clear ip bgp * can be detrimental to you and whomever you are peering with in 
practical application. So always replace the * with the neighbor's IP address, otherwise you may 
find out very quickly more than you ever wanted to know about network instability and service 
provider route dampening. In a nutshell, dampening is where the service provider can suppress 
your routes according to the criteria within the bgp dampening ? command. In 12.0 code and 
above, soft resets were introduced if your neighbor supports them. Refer to the IOS release 
notes for "BGP Soft Reset Enhancement." 


Just as you experienced in the chapter scenarios, you really do need to think about how things 
work in order to support them. You will experiment with running the various routing protocols 
over Frame Relay in the Trouble Tickets. Obviously Layer 3 and above routing protocols still 
depend on Layer 2 and Layer 1. 


You must take the divide-and-conquer approach on the WAN. Half the battle is determining 
whether it is your issue or a service provider issue; then you can work your way up the layers. If 
you get LMI but not your other DLCIs, for instance, you don't have much choice but to contact 
the service provider so that they can perform some remote loopback testing. 


Frame Relay Loopback Testing 


Loopback tests can help you define the extent of WAN problems in general. Your provider will 
certainly be happy and probably more willing to assist if you have already verified your side of 
things. Figure 8-12 shows four different loopback tests. Depending on your exact equipment, 
you can familiarize yourself with the appropriate loopback commands and menus. 


Figure 8-12. Loopback Testing 

The show interfaces s0 command shows the looped status and how the keepalives continue to 
increment. Use an extended ping to verify the data pattern and size to test connectivity up to the 
CSU/DSU. If the pings are not at least 80-percent successful, the problem is physical in nature 
between the local router and CSU/DSU as in Figure 8-12(A). 


Figure 8-12(B) shows a local loopback test to test connectivity through the local CSU/DSU. 
Figure 8-12 is a remote loopback through the local CSU/DSU and up to the remote CSU/DSU. 
Problems here indicate issues in the cloud. Figure 8-12 is an external loopback, which could 
indicate a problem with the remote CSU/DSU. 


Keep in mind that timing is important in troubleshooting as well. While you are testing things 
out, the service provider may have already caught and fixed the problem. So don't be too 
stumped when you go through all of this and then the data link is up as it should have been in 
the first place. What I am saying is that it doesn't hurt to repeat commands that you started with 
in the first place. 


Regardless of the loopback testing type, the best command you can run while testing is an 
extended ping while you monitor your serial interface with a command such as show interfaces 
s0. To get the extended ping commands, just type ping from privilege mode and make your 
selections. For example, you could set the repeat count to 100, the datagram size to 1500, and 
vary the data pattern. The default data pattern is 0xabcd. Try the following data patterns to help 
detect CSU/DSU or cable issues: 0x0000, 0x1111, 0xaaaa, and 0xffff. Extended ping was 
introduced back in Chapter 2, "What's in Your Tool Bag." 


NOTE 


Remember to restore your router back to its original setting after the loopback tests. It 
is also a good idea to carry a "hard" loopback plug in your tool bag to round out the 
possible tests. 


The chapter scenarios exposed you to supporting Frame Relay by taking a layered practical 
methodical approach just as the other chapters did. Make sure you save all configurations and 
repeat any steps in which you need more practice. 


Once again it is time for the chapter Trouble Tickets. The plan here is to give you several things 
to do, let you make mistakes and fix some things on your own, and to introduce other problems 
that you should have some experience with as a support person. 


Trouble Tickets 


Complete the following Trouble Tickets in order. Use the information and tools from this chapter 
and the previous chapters to analyze, test, and document as you go. Feel free to create your 
own Physical Layer or other problems if you need more practice in that area. I want you to shoot 
the troubles of using routing protocols over Frame Relay to make things a little more realistic to 
the practical environment. Feel free to change the routing protocol to what you actually use to 
troubleshoot issues specific to your needs. As always, sample solutions are provided after this 
section. 


Trouble Ticket 1 


Configure and troubleshoot BGP over Frame Relay using Figure 8-13 as a guide. Continue with 
the multipoint subinterfaces topology back in Figure 8-10. Just add the additional point-to-point 
PVC and configure BGP to allow communication among all sites. Document the issues and save 
all configuration changes. 


Figure 8-13. Trouble Ticket 1: BGP over Frame 


Trouble Ticket 2 


Configure and troubleshoot OSPF over Frame Relay using the same physical layout as in Figure 
8-13. You have the requirement to use default or static routes between r1 and r5. Add at least 
one loopback to each router to simulate multiple networks. Document and save all issues and 
configuration changes. 


Trouble Ticket 3 


Alternatively, you could have configured the ip ospf network point-to-multipoint interface 
command instead of manually configuring the neighbor statements in the preceding Trouble 
Ticket. Give it a try. 


Trouble Ticket 4 


Shut down the interfaces on the frame switch and observe the results on the other routers. 


Trouble Ticket 5 


Sometimes SPs may mix up the DLCIs for the PVCs. Perhaps they gave you the right information 
this time, but they incorrectly did their mapping on the frame switch. Today you are the service 
provider, and I want you to simulate this scenario by routing what comes in the r3 interface s0/1 
as DLCI 102 out the s0/0 interface as DLCI 101. Observe the results, but be sure to fix the 
problem before you move on to the next Trouble Ticket. 


Trouble Ticket 6 


Turn on Frame Relay compression for one end of the PVC between r1 and r5. Document the 
results. Fix the issues without turning compression off. Then turn compression off and make sure 
things still work. 


Trouble Ticket Solutions 


These solutions are not always the only way to perform these tasks. Compare your results. 


Trouble Ticket 1 Solution 


First connect the physical cable between r5 and the frame switch. Then configure the frame switch 
to handle the new PVC, and then r1 and r5 as in Example 8-33. 


Example 8-33. Configuring the Frame Switch, r1, and r5 


!!!frame switch configuration for new PVC 
frame-switch#configure terminal 
frame-switch(config)#interface s0/3 
frame-switch(config-if)#bandwidth 64 
frame-switch(config-if)#clock rate 64000 
frame-switch(config-if)#encap frame 
frame-switch(config-if)#frame-relay intf-type dce 
frame-switch(config-if)#frame route 101 interface s0/0 105 
frame-switch(config-if)#no shut 
frame-switch(config-if)#end 
frame-switch#copy running-config startup-config 

!!!r1 configuration for point-to-point PVC 105 
r1#configure terminal 
r1(config)#interface s0.105 p 
r1(config-subif)#bandwidth 64 
r1(config-subif)#ip address 172.16.8.5 255.255.255.252 
r1(config-subif)#frame-relay interface-dlci 105 
r1(config-fr-dlci)#no shut 
r1(config-if)#end 
r1#copy running-config startup-config 

!!!r5 configuration for point-to-point PVC 101 
Router#configure terminal 
Router(config)#hostname r5 
r5(config)#interface s0 
r5(config-if)#encap frame 
r5(config-if)#interface s0.101 p 
r5(config-subif)#bandwidth 64 
r5(config-subif)#ip address 172.16.8.6 255.255.255.252 
r5(config-subif)#frame-relay interface-dlci 101 
r5(config-fr-dlci)#exit 
r5(config-if)#no shut 
r5(config-if)#end 


Then ping to test the new configuration. Because ping should be unsuccessful at this point, I do 
not show the output. Continue your testing as in Example 8-34. 


Example 8-34. Checking the Interfaces for r5 and r1 


r5#show ip interface brief 
Interface              IP-Address      OK? Method Status                Protocol 
BRI0                   unassigned          unset  administratively down down 
BRI0:1                 unassigned          unset  administratively down down 
BRI0:2                 unassigned          unset  administratively down down 
Ethernet0              unassigned          unset  administratively down down 
Serial0                unassigned          unset  administratively down down 
Serial0.101            172.16.8.6          manual down                  down 
Serial1                unassigned          unset  administratively down down 
r5#clock set 6:38:00 Dec 13 2002 
r5#configure terminal 
r5(config)#service timestamps debug datetime localtime msec 
r5(config)#service timestamps log datetime localtime msec 
r5(config)#enable secret donna 
r5(config)#line vty 0 4 
r5(config-line)#password donna 
r5(config-line)#exit 
r5(config)#line console 0 
r5(config-line)#logging synchronous 
r5(config-line)#exit 
r5(config)#interface s0 
r5(config-if)#no shut 
r5(config-if)#end 
r5#copy running-config startup-config 


r1#show ip interface brief 
Interface              IP-Address      OK? Method Status                Protocol 
Ethernet0              unassigned      YES unset  administratively down down 
Ethernet1              unassigned      YES unset  administratively down down 
Serial0                unassigned      YES unset  up                    up 
Serial0.100            192.168.8.1     YES manual up                    up 
Serial0.105            172.16.8.5      YES manual down                  down 
Serial1                unassigned      YES unset  administratively down down 
r1#configure terminal 
r1(config)#interface s0 
r1(config-if)#no shut 
Dec 13 18:40:51.930: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.105, 
changed state to up 
Dec 13 18:40:51.938: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 105 state changed 
to ACTIVE 
Dec 13 18:41:01.346: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 105 state changed 
to DELETED 
Dec 13 18:41:01.346: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.105, 
changed state to down 
r1(config-if)#end 
r1#copy running-config startup-config 


Although you brought the administratively down interface up, the DLCI is still in a deleted state. 
Look at the routers and the frame switch in Example 8-35 to determine the problem. 


Example 8-35. Troubleshooting r1, r5, and the Frame Switch 


r1#show run interface s0.105 
interface Serial0.105 point-to-point 
 bandwidth 64 
 ip address 172.16.8.5 255.255.255.252 
 no ip directed-broadcast 
 frame-relay interface-dlci 105 
end 

r1#show frame-relay map 
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static, 
              broadcast, 
              CISCO, status defined, active 
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static, 
              broadcast, 
              CISCO, status defined, active 
Serial0.105 (down): point-to-point dlci, dlci 105(0x69,0x1890), broadcast 
          status deleted 
r5#show frame-relay map 
Serial0.101 (down): point-to-point dlci, dlci 101(0x65,0x1850), broadcast 
          status defined, inactive 

frameswitch>show frame-relay route 
Input Intf      Input Dlci      Output Intf     Output Dlci     Status 
Serial0/0       102             Serial0/1       101             active 
Serial0/0       104             Serial0/2       101             active 
Serial0/1       101             Serial0/0       102             active 
Serial0/2       101             Serial0/0       104             active 
Serial0/3       101             Serial0/0       105             inactive 


Hopefully, you see that you have a missing route statement from the frame switch, but how did 
you know what to look for? Instead of looking at the running configuration, you can check 
statuses: A good indication of this issue is the deleted status for DLCI 105 as well as the other end 
of the PVC being inactive. Fix these issues as in Example 8-36. 


Example 8-36. Adding the Missing Frame Route Statement 


frame-switch#configure terminal 
frame-switch(config)#interface s0/0 
frame-switch(config-if)#frame route 105 interface s0/3 101 
frame-switch(config-if)#no shut 
frame-switch(config-if)# 
4d05h: %FR-5-DLCICHANGE: Interface Serial0/0 - DLCI 105 state changed to ACTIVE 
4d05h: %FR-5-DLCICHANGE: Interface Serial0/3 - DLCI 101 state changed to ACTIVE 
frame-switch(config-if)#end 
frame-switch#copy running-config startup-config 
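
The status check behind Examples 8-35 and 8-36, as an added Python example (not from the book): it parses show frame-relay route output and reports any PVC leg whose return frame route is missing, points somewhere else, or is not active. The sample table is retyped from Example 8-35; the function names are hypothetical.

```python
import re

# Sample input retyped from the frame switch output in Example 8-35.
ROUTES_BEFORE_FIX = """\
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/0       102             Serial0/1       101             active
Serial0/0       104             Serial0/2       101             active
Serial0/1       101             Serial0/0       102             active
Serial0/2       101             Serial0/0       104             active
Serial0/3       101             Serial0/0       105             inactive
"""

ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s*$")


def parse_routes(text):
    """Return [((in_intf, in_dlci), (out_intf, out_dlci), status), ...]."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header row has no numeric DLCI, so it never matches
            in_if, in_dlci, out_if, out_dlci, status = m.groups()
            routes.append(((in_if, int(in_dlci)),
                           (out_if, int(out_dlci)), status.lower()))
    return routes


def audit_pvcs(text):
    """Report each route whose return leg is missing, mismatched or not active."""
    routes = parse_routes(text)
    forward = {src: dst for src, dst, _ in routes}
    findings = []
    for src, dst, status in routes:
        back = forward.get(dst)          # where does the far end send traffic?
        if back is None:
            problem = "missing reverse frame route"
        elif back != src:
            problem = "reverse route goes to %s DLCI %d" % back
        elif status != "active":
            problem = "status " + status
        else:
            continue
        findings.append({"in": src, "out": dst, "problem": problem})
    return findings


def suggested_commands(finding):
    """Build the missing statement in the form typed in Example 8-36."""
    (in_if, in_dlci), (out_if, out_dlci) = finding["in"], finding["out"]
    return ["interface %s" % out_if,
            "frame route %d interface %s %d" % (out_dlci, in_if, in_dlci)]


if __name__ == "__main__":
    for f in audit_pvcs(ROUTES_BEFORE_FIX):
        print(f["in"], "->", f["out"], ":", f["problem"])
        if f["problem"].startswith("missing"):
            print("  " + "\n  ".join(suggested_commands(f)))
```

Run against the table from Example 8-35, it flags only the Serial0/3 DLCI 101 leg and proposes the same frame route 105 statement that Example 8-36 adds on Serial0/0.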


Now that everything appears to be configured properly, show the Inverse ARP tables on each 
device and verify connectivity as in Example 8-37. 


Example 8-37. Testing the New PVC 


r1#show frame-relay map 
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static, 
              broadcast, 
              CISCO, status defined, active 
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static, 
              broadcast, 
              CISCO, status defined, active 
Serial0.105 (up): point-to-point dlci, dlci 105(0x69,0x1890), broadcast 
          status defined, active 
r2#show frame-relay map 
Serial0.101 (up): ip 192.168.8.1 dlci 101(0x65,0x1850), dynamic, 
              broadcast,, status defined, active 

frame-switch#show frame-relay route 
Input Intf      Input Dlci      Output Intf     Output Dlci     Status 
Serial0/0       102             Serial0/1       101             active 
Serial0/0       104             Serial0/2       101             active 
Serial0/0       105             Serial0/3       101             active 
Serial0/1       101             Serial0/0       102             active 
Serial0/2       101             Serial0/0       104             active 
Serial0/3       101             Serial0/0       105             active 

r4#show frame-relay map 
Serial0/0.101 (up): ip 192.168.8.1 dlci 101(0x65,0x1850), dynamic, 
              broadcast,, status defined, active 
r5#show frame-relay map 
Serial0.101 (up): point-to-point dlci, dlci 101(0x65,0x1850), broadcast 
          status defined, active 


Active is the status you wanted to begin with on the frame switch and all the routers. Compare the 
findings in the preceding example to your drawing. 


Save your configurations and move up the stack to work on the routing protocol. Configure BGP as 
in Example 8-38. r1 should advertise the 192.168.8.0 network to the other AS. r2 and r4 should 
be configured such that they use r1 to get to r5. 


Example 8-38. Configuring BGP over Frame Relay 


r1(config)#router bgp 65520 
r1(config-router)#network 192.168.8.0 
r1(config-router)#neighbor 192.168.8.2 remote-as 65520 
r1(config-router)#neighbor 192.168.8.4 remote-as 65520 
r1(config-router)#neighbor 172.16.8.6 remote-as 65525 
r1(config-router)#neighbor 192.168.8.2 next-hop-self 
r1(config-router)#neighbor 192.168.8.4 next-hop-self 
r1(config-router)#no synchronization 
r1(config-router)#end 
r1#copy running-config startup-config 

r2#configure terminal 
r2(config)#router bgp 65520 
r2(config-router)#neighbor 192.168.8.1 remote-as 65520 
r2(config-router)#end 
r2#copy running-config startup-config 

r4#configure terminal 
r4(config)#router bgp 6520 
r4(config-router)#router bgp 65520 
BGP is already running; AS is 6520 
!!!oops I made a typo 
r4(config)#no router bgp 6520 
r4(config)#router bgp 65520 
r4(config-router)#neighbor 192.168.8.1 remote-as 65520 
r4(config-router)#end 
r4#copy running-config startup-config 

r5#configure terminal 
r5(config)#router bgp 65525 
r5(config-router)#neighbor 172.16.8.5 remote-as 65520 
r5(config-router)#end 
r5#copy running-config startup-config 


While setting up the BGP process, I made a typo. Actually it is a good way to prove that while 
other routing protocols (such as OSPF and EIGRP) will run multiple processes, BGP will only run a 
single process. It is fine to advertise the 192.168.8.0 network without the mask statement 
because it is on the class boundary, and the manual neighbor statements are necessary because 
absolutely nothing in BGP is automatic. In looking at Figure 8-13, r1 has two IBGP peers 
(neighbors) and one EBGP peer (neighbor). The next-hop-self statement is needed for the IBGP 
peer to use r1 to get to the other AS because r1 has an interface in both autonomous systems. On 
the spoke routers, only the BGP process and neighbor statements are configured. 


Perform the neighbor testing in Example 8-39. What TCP or BGP state are the neighbors in? Are 
they receiving prefixes? 


Example 8-39. Identifying BGP Neighbors 


r1#show ip bgp summary 
BGP router identifier 192.168.8.1, local AS number 65520 
BGP table version is 2, main routing table version 2 
1 network entries and 1 paths using 121 bytes of memory 
1 BGP path attribute entries using 96 bytes of memory 
BGP activity 1/0 prefixes, 1/0 paths 

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd 
172.16.8.6      4 65525       5       6        2    0    0 00:02:49        0 
192.168.8.2     4 65520       7       8        2    0    0 00:04:19        0 
192.168.8.4     4 65520       6       7        2    0    0 00:03:42        0 


The show ip bgp summary command is an excellent way to view BGP statistics and your neighbors. 
Any number, including 0 in the State/PfxRcd column, indicates that the neighbors are ready to 
receive prefixes. Thus they have completed both the TCP and BGP sessions. Investigate the TCP 
and BGP sessions a little further in Example 8-40. 


Example 8-40. Displaying the TCP and BGP Sessions 


r1#debug ip bgp events 
BGP events debugging is on 
r1#configure terminal 
r1(config)#interface s0 
r1(config-if)#shut 
r1(config-if)#no shut 
Dec 13 20:01:06.813: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.100, 
changed state to down 
Dec 13 20:01:06.817: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.105, 
changed state to down 
Dec 13 20:01:07.065: BGP: 172.16.8.6 reset requested 
Dec 13 20:01:07.065: BGP: 172.16.8.6 reset due to Interface flap 
Dec 13 20:01:07.069: BGP: 172.16.8.6 went from Established to Idle 
Dec 13 20:01:08.305: BGP: 192.168.8.2 computing updates, neighbor version 2, table 
version 3, starting at 0.0.0.0 
Dec 13 20:01:08.309: BGP: 192.168.8.2 update run completed, ran for 0ms, neighbor 
version 2, start version 3, throttled to 3, check point net 0.0.0.0 
Dec 13 20:01:08.313: BGP: 192.168.8.4 computing updates, neighbor version 2, table 
version 3, starting at 0.0.0.0 
Dec 13 20:01:08.317: BGP: 192.168.8.4 update run completed, ran for 0ms, neighbor 
version 2, start version 3, throttled to 3, check point net 0.0.0.0 
Dec 13 20:01:08.809: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.100, 
changed state to up 
Dec 13 20:01:08.813: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.105, 
changed state to up 
Dec 13 20:01:12.837: BGP: 192.168.8.4 computing updates, neighbor version 3, table 
version 4, starting at 0.0.0.0 
Dec 13 20:01:12.841: BGP: 192.168.8.4 update run completed, ran for 0ms, neighbor 
version 3, start version 4, throttled to 4, check point net 0.0.0.0 
Dec 13 20:01:13.945: BGP: 192.168.8.2 computing updates, neighbor version 3, table 
version 4, starting at 0.0.0.0 
Dec 13 20:01:13.949: BGP: 192.168.8.2 update run completed, ran for 0ms, neighbor 
version 3, start version 4, throttled to 4, check point net 0.0.0.0 
Dec 13 20:01:27.845: BGP: 172.16.8.6 went from Idle to Active 
Dec 13 20:01:40.749: BGP: scanning routing tables 
Dec 13 20:01:55.969: BGP: 172.16.8.6 went from Active to OpenSent 
Dec 13 20:01:56.581: BGP: 172.16.8.6 went from OpenSent to OpenConfirm 
Dec 13 20:01:56.817: BGP: 172.16.8.6 went from OpenConfirm to Established 
Dec 13 20:01:56.921: BGP: 172.16.8.6 computing updates, neighbor version 0, table 
version 4, starting at 0.0.0.0 
Dec 13 20:01:56.925: BGP: 172.16.8.6 update run completed, ran for 0ms, neighbor 
version 0, start version 4, throttled to 4, check point net 0.0.0.0 
r1(config-if)#end 
r1#undebug all 
r1#copy running-config startup-config 


Although there are other commands, I find show ip bgp summary to be a very valuable tool. It
not only enables you to see the neighbor relationship; if there are problems, it shows the actual
TCP or BGP state you are in with each neighbor. The first three states are TCP connections and the
last three are BGP connections, with Established being the Promised Land.


NOTE 


Active sounds good—and it is, when you are talking DLCIs in Frame Relay—but in BGP
routing, it means the TCP session is not yet established, as in "actively trying."


You can very quickly look at the State/PfxRcd column to check BGP neighbor issues. Numbers 
mean you are receiving prefixes; words mean you are stuck in another state for some reason. If 
you do everything right the first time, it is hard to learn from your mistakes, but the debug ip 
bgp events command clearly shows you the steps a neighbor goes through. The show ip bgp 
neighbor command gives you specifics about the neighbor and displays the established state. It 
also tells you whether the neighbor is internal or external. Compare the output of show ip bgp 
summary in Example 8-39 to show ip bgp neighbors in Example 8-41. 


Example 8-41. Viewing Your BGP Neighbors on r1 


r1#show ip bgp neighbors
BGP neighbor is 172.16.8.6, remote AS 65525, external link
Index 2, Offset 0, Mask 0x4
BGP version 4, remote router ID 172.16.8.6
BGP state = Established, table version = 4, up for 00:15:16
Last read 00:00:16, hold time is 180, keepalive interval is 60 seconds
Minimum time between advertisement runs is 30 seconds
Received 31 messages, 0 notifications, 0 in queue
Sent 33 messages, 0 notifications, 0 in queue
Prefix advertised 2, suppressed 0, withdrawn 0
Connections established 2; dropped 1
Last reset 00:16:06, due to Interface flap
0 accepted prefixes consume 0 bytes
0 history paths consume 0 bytes
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 172.16.8.5, Local port: 11005
Foreign host: 172.16.8.6, Foreign port: 179
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0xC4A3DA8):
Timer       Starts  Wakeups  Next
Retrans         20        0  0x0
TimeWait         0        0  0x0
AckHold         1S       13  0x0
SendWnd          0        0  0x0
KeepAlive        0        0  0x0
GiveUp           0        0  0x0
PmtuAger         0        0  0x0
DeadWait         0        0  0x0
iss: 3426000199 snduna: 3426000604 sndnxt: 3426000604 sndwnd: 15980
irs: 2443213131 rcvnxt: 2443213484 rcvwnd: 16032 delrcvwnd: 352
SRTT: 487 ms, RTTO: 3830 ms, RTV: 1428 ms, KRTT: 0 ms
minRTT: 40 ms, maxRTT: 300 ms, ACK hold: 200 ms
Flags: higher precedence, nagle
Datagrams (max data segment is 1460 bytes):
Rcvd: 25 (out of order: 0), with data: 18, total data bytes: 352
Sent: 34 (retransmit: 0), with data: 19, total data bytes: 404
!!!The rest of the neighbors are IBGP peers
BGP neighbor is 192.168.8.2, remote AS 65520, internal link
Index 1, Offset 0, Mask 0x2
NEXT_HOP is always this router
BGP version 4, remote router ID 192.168.8.2
BGP state = Established, table version = 4, up for 00:27:58
Last read 00:00:59, hold time is 180, keepalive interval is 60 seconds
Minimum time between advertisement runs is 5 seconds
Received 30 messages, 0 notifications, 0 in queue
Sent 33 messages, 0 notifications, 0 in queue
Prefix advertised 2, suppressed 0, withdrawn 1
Connections established 1; dropped 0
Last reset never
0 accepted prefixes consume 0 bytes
0 history paths consume 0 bytes
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 192.168.8.1, Local port: 179
Foreign host: 192.168.8.2, Foreign port: 11000
BGP neighbor is 192.168.8.4, remote AS 65520, internal link
Index 3, Offset 0, Mask 0x8
NEXT_HOP is always this router
BGP version 4, remote router ID 192.168.8.4
BGP state = Established, table version = 4, up for 00:27:26


Note that the output of show ip bgp neighbors presents you with much more detail than show
ip bgp summary. For example, it clearly shows the neighbor is in the established state and
whether the peer is IBGP (internal) or EBGP (external). Continue to verify your neighbors from the
spoke perspective in Example 8-42.


Example 8-42. Viewing Your BGP Neighbors on r2, r4, and r5 


r2#show ip bgp summary
BGP router identifier 192.168.8.2, local AS number 65520
BGP table version is 4, main routing table version 4
1 network entries and 1 paths using 121 bytes of memory
1 BGP path attribute entries using 96 bytes of memory
BGP activity 1/0 prefixes, 2/1 paths
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.8.1     4 65520      43      40        4    0    0 00:27:21        1

r4#show ip bgp summary
BGP table version is 6, main routing table version 6
1 network entries (1/3 paths) using 208 bytes of memory
1 BGP path attribute entries using 104 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.8.1     4 65520      43      40        6    0    0 00:27:07        1

!!!the following shortcut works too
r5#sh ip bgp sum
BGP router identifier 172.16.8.6, local AS number 65525
BGP table version is 4, main routing table version 4
1 network entries and 1 paths using 121 bytes of memory
1 BGP path attribute entries using 144 bytes of memory
BGP activity 2/1 prefixes, 2/1 paths
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.8.5      4 65520      43      41        4    0    0 00:25:21        1
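The State/PfxRcd check and the state walk that debug ip bgp events logs can be automated for monitoring session flaps. The following Python sketch is an added example, not code from the book: the debug lines are transcribed from Example 8-40 and the first summary row from Example 8-42, the second summary row is constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

EVENT = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+): BGP: (?P<peer>\d+(?:\.\d+){3}) "
    r"(?:went from (?P<old>\w+) to (?P<new>\w+)|reset due to (?P<why>.+))$")

# Transcribed from the Example 8-40 output (r1, serial interface bounced).
DEBUG_LINES = [
    "Dec 13 20:01:06.813: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.100, changed state to down",
    "Dec 13 20:01:07.065: BGP: 172.16.8.6 reset requested",
    "Dec 13 20:01:07.065: BGP: 172.16.8.6 reset due to Interface flap",
    "Dec 13 20:01:07.069: BGP: 172.16.8.6 went from Established to Idle",
    "Dec 13 20:01:08.305: BGP: 192.168.8.2 computing updates, neighbor version 2, table version 3, starting at 0.0.0.0",
    "Dec 13 20:01:27.845: BGP: 172.16.8.6 went from Idle to Active",
    "Dec 13 20:01:55.969: BGP: 172.16.8.6 went from Active to OpenSent",
    "Dec 13 20:01:56.581: BGP: 172.16.8.6 went from OpenSent to OpenConfirm",
    "Dec 13 20:01:56.817: BGP: 172.16.8.6 went from OpenConfirm to Established",
]

SUMMARY_ROWS = [
    "172.16.8.5 4 65520 43 41 4 0 0 00:25:21 1",   # r5's neighbor row, Example 8-42
    "192.0.2.1 4 64512 0 0 0 0 0 never Active",     # constructed: a peer that never came up
]

def _stamp(text, year):
    # IOS debug timestamps omit the year, so the caller supplies it.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def track_sessions(lines, year=2002):
    """Follow each neighbor through the states logged by debug ip bgp events."""
    peers = {}
    for raw in lines:
        m = EVENT.match(raw.strip())
        if not m:
            continue  # update runs and %LINEPROTO messages are not state changes
        rec = peers.setdefault(m["peer"], {
            "path": [], "reset_reason": None, "outage_s": None, "_down": None})
        if m["why"]:
            rec["reset_reason"] = m["why"]
            continue
        when = _stamp(m["ts"], year)
        if not rec["path"]:
            rec["path"].append(m["old"])
        rec["path"].append(m["new"])
        if m["old"] == "Established":
            rec["_down"] = when                      # session just dropped
        elif m["new"] == "Established" and rec["_down"] is not None:
            rec["outage_s"] = (when - rec["_down"]).total_seconds()
            rec["_down"] = None
    for rec in peers.values():
        rec["stuck"] = bool(rec["path"]) and rec["path"][-1] != "Established"
        del rec["_down"]
    return peers

def parse_summary_row(row):
    """Split one neighbor row of show ip bgp summary (ten columns)."""
    f = row.split()
    state = " ".join(f[9:])                          # "Idle (Admin)" is two tokens
    return {
        "neighbor": f[0], "remote_as": int(f[2]), "up_down": f[8],
        "state": "Established" if state.isdigit() else state,
        "prefixes": int(state) if state.isdigit() else None,
    }

def stuck_neighbors(rows):
    """Neighbors whose State/PfxRcd column holds a word instead of a prefix count."""
    return [r["neighbor"] for r in map(parse_summary_row, rows) if r["prefixes"] is None]

if __name__ == "__main__":
    for peer, rec in track_sessions(DEBUG_LINES).items():
        print(peer, " -> ".join(rec["path"]), rec["reset_reason"], rec["outage_s"])
    print("needs attention:", stuck_neighbors(SUMMARY_ROWS))
```

The outage figure is the time between leaving Established and returning to it, which is the number to alert on when a peer flaps repeatedly.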


If there had been any neighbor issues, I would have backed up to make sure I had
physical connectivity and had manually configured the neighbors. Now that you have verified the
BGP neighbors, confirm the BGP tables and the routing tables as in Example 8-43.


Example 8-43. Confirming the BGP and Routing Tables 


r1#show ip bgp
BGP table version is 4, local router ID is 192.168.8.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.8.0      0.0.0.0                  0         32768 i

r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C    192.168.8.0/24 is directly connected, Serial0.100
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.8.4 is directly connected, Serial0.105

r2#show ip bgp
BGP table version is 4, local router ID is 192.168.8.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.8.0      192.168.8.1              0    100      0 i

r2#show ip route
C    192.168.8.0/24 is directly connected, Serial0.101

r4#show ip bgp
BGP table version is 6, local router ID is 192.168.8.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.8.0      192.168.8.1              0    100      0 i

r4#show ip route
C    192.168.8.0/24 is directly connected, Serial0/0.101

r5#show ip bgp
BGP table version is 4, local router ID is 172.16.8.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.8.0      172.16.8.5               0             0 65520 i

r5#show ip route
B    192.168.8.0/24 [20/0] via 172.16.8.5, 00:23:30
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.8.4 is directly connected, Serial0.101


The only routing table that has BGP routes is r5. Many times routes are in the BGP table but just
can't make it to the routing table, particularly with IBGP. As discussed earlier, when all routers in
an AS are running BGP you can safely turn off synchronization. Do that now for r1, r2, and r4 as in
Example 8-44. Then reset the BGP table.


Example 8-44. No Synchronization 


r1(config)#router bgp 65520
r1(config-router)#no synchronization
r1(config-router)#end
r1#copy running-config startup-config

!!!no synch is short for no synchronization
r2(config)#router bgp 65520
r2(config-router)#no synch
r2(config-router)#end
r2#copy running-config startup-config

r4(config)#router bgp 65520
r4(config-router)#no synch
r4(config-router)#end
r4#copy running-config startup-config

r1#clear ip bgp *


A word of caution before you perform more testing: For an IBGP peer to propagate routes to
another IBGP peer, or EBGP peer for that matter, full-mesh connectivity is required. That is not
too scalable in the practical service provider world, so they tend to use route reflectors or
confederations for this purpose. Route reflectors allow routes to bounce or reflect from one IBGP
peer to another. You can think of them as rubber routers if you like. Confederations are like
mini-autonomous systems to make all neighbors appear as if they are EBGP so that there are no
IBGP issues.


Instead of having every router peer with every router for a full-mesh topology, set up r1 as a
route reflector to clients r2 and r4 (IBGP peers) as in Example 8-45. This time reset BGP for only
the affected peers.


Example 8-45. Configuring r1 as a Route Reflector


r1(config)#router bgp 65520
r1(config-router)#neighbor 192.168.8.2 route-reflector-client
r1(config-router)#neighbor 192.168.8.4 route-reflector-client
r1(config-router)#end
r1#clear ip bgp 192.168.8.2
r1#clear ip bgp 192.168.8.4
r1#copy running-config startup-config
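The re-advertisement rule behind the route reflector can be modeled in a few lines. This Python sketch is an added example, not code from the book; it models only the IBGP sessions inside AS 65520, assumes a prefix originated by r2 (constructed for the illustration), and leaves out the ORIGINATOR_ID and CLUSTER_LIST loop checks of real reflectors.

```python
from collections import deque

# IBGP sessions of the hub-and-spoke lab: r1 peers with r2 and r4 only.
HUB_SESSIONS = [("r1", "r2"), ("r1", "r4")]

def ibgp_learners(sessions, origin, rr_clients=None):
    """Return {router: neighbor it learned the prefix from} inside one AS.

    sessions   -- iterable of (a, b) IBGP sessions
    origin     -- router that originates the prefix
    rr_clients -- {reflector: set of its route-reflector clients}
    """
    rr_clients = rr_clients or {}
    peers = {}
    for a, b in sessions:
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)

    learned = {origin: None}            # None marks the locally originated route
    queue = deque([origin])
    while queue:
        router = queue.popleft()
        source = learned[router]
        clients = rr_clients.get(router, set())
        for peer in sorted(peers.get(router, ())):
            if peer == source or peer in learned:
                continue                # simplified loop prevention for this model
            if source is None:
                allowed = True          # a router's own routes go to every IBGP peer
            elif source in clients:
                allowed = True          # reflector: client routes go to all peers
            elif clients:
                allowed = peer in clients   # reflector: non-client routes go to clients
            else:
                allowed = False         # plain IBGP speaker never re-advertises
            if allowed:
                learned[peer] = router
                queue.append(peer)
    return learned

if __name__ == "__main__":
    print("no reflector :", ibgp_learners(HUB_SESSIONS, "r2"))
    print("r1 reflects  :", ibgp_learners(HUB_SESSIONS, "r2", {"r1": {"r2", "r4"}}))
    print("full mesh    :", ibgp_learners(HUB_SESSIONS + [("r2", "r4")], "r2"))
```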


Test your hybrid point-to-point multipoint hub-and-spoke topology in Example 8-46. 


Example 8-46. Testing the Hub and Spokes 


!!!r1 pings r2
r1#ping 192.168.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

!!!r1 pings r4
r1#p 192.168.8.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

!!!r2 pings r1
r2>p 192.168.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

!!!r2 pings r4
r2>p 192.168.8.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.4, timeout is 2 seconds:
Success rate is 0 percent (0/5)

!!!r2 pings r5
r2#p 172.16.8.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.6, timeout is 2 seconds:
Success rate is 0 percent (0/5)


NOTE 


On many devices, p is a shortcut for ping. 


Compare the output of the last couple of examples to Figure 8-13 to determine the problems.
Recall back in Example 8-43 that there were no BGP learned routes in r1, r2, and r4. Even after
you turn synchronization off in Example 8-44, these routes do not appear in either the BGP or
routing table because the 172.16.8.4/30 prefix has not been advertised. That is a very likely
reason as to why r2 can't ping r5 in Example 8-46. Fix this in Example 8-47.


Example 8-47. Advertising the 172.16.8.4 Network 


r1(config)#router bgp 65520
r1(config-router)#network 172.16.8.4 mask 255.255.255.252
r1(config-router)#end
r1#copy running-config startup-config
r1#clear ip bgp *
r1#show ip bgp
r1#show ip bgp
r1#show ip bgp


Note that in the preceding example the mask had to be typed in for the network statement 
because it differs from the classful mask. It is easy to forget to type the word mask, but in the 
Cisco software you can always rely on the question mark (?) for help. 


NOTE 


You must have patience to support BGP. Everything is manual in operation, and although
convergence is relatively fast, sometimes things just take a little more time to appear
than what you would expect. That is why you see an empty BGP table in Example 8-47;
get used to the Up Arrow key to repeat the last command.


It is important to not configure the network statement on each and every router like you are used 
to with an IGP routing protocol. Remember that BGP is an EGP. You manually configure your 
neighbors and don't need a network statement for adjacency to occur. In an example like Figure 
8-13, however, it was pretty important to advertise the 192.168.8.0 network out to the other AS 
and vice versa. Static and default routes would probably have been more appropriate if you were 
running another IGP inside AS 65520 or if you had multiple networks involved. 


Advertising the 172.16.8.4 network into AS 65520 should allow r2 and r4 to be able to ping r5 in
the remote AS. First look at the BGP table on r1 in Example 8-48, then look at the BGP and
routing tables on r2 to see whether this is in fact possible. Verify with ping.


Example 8-48. Testing the Network Advertisement 


r1>show ip bgp
BGP table version is 3, local router ID is 192.168.8.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.8.4/30    0.0.0.0                  0         32768 i
*> 192.168.8.0      0.0.0.0                  0         32768 i

r2>show ip bgp
BGP table version is 13, local router ID is 192.168.8.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i172.16.8.4/30    192.168.8.1              0    100      0 i
*>i192.168.8.0      192.168.8.1              0    100      0 i

r2>show ip route
C    192.168.8.0/24 is directly connected, Serial0.101
     172.16.0.0/30 is subnetted, 1 subnets
B       172.16.8.4 [200/0] via 192.168.8.1, 00:06:15

!!!r2 pings r5 via EBGP
r2>ping 172.16.8.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/120 ms

!!!r2 pings r4 via IBGP
r2>ping 192.168.8.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.4, timeout is 2 seconds:
Success rate is 0 percent (0/5)


Example 8-48 shows how r2 can now reach r5 via EBGP, yet it can't reach r4 via IBGP. The
remaining issue is that the spoke routers can reach the hub (r1) but not each other. Do not be so
quick to blame this one on BGP, although it appears that everything is working except the route
reflectors. By definition the IBGP routes from r2 should bounce off of r1 to r4 and vice versa. That
is not happening here; the ping fails from r2 to r4. Review the examples throughout this Trouble
Ticket and Figure 8-13 for some hints.

This is a Frame Relay issue because now you want DC to talk to VA and VA to talk to DC through 
HQ. This was not a requirement in any of the chapter scenarios or Trouble Tickets thus far. 
Currently, there are no physical or logical connections between DC and VA. Program your spoke 
routers in Example 8-49 so that the remote sites can talk to one another. 


Example 8-49. Configuring Static Maps for the Spoke Routers 


r2#show frame-relay map
Serial0.101 (up): ip 192.168.8.1 dlci 101(0x65,0x1850), dynamic,
broadcast,, status defined, active
r2#configure terminal
r2(config)#interface s0.101
r2(config-subif)#frame map ip 192.168.8.1 101 broadcast
r2(config-subif)#frame map ip 192.168.8.4 101 broadcast
r2(config-subif)#end
!!!remove any extraneous dynamic mappings
r2#clear frame-relay-inarp
r2#copy running-config startup-config

r4#configure terminal
r4(config)#interface s0/0.101
r4(config-subif)#frame map ip 192.168.8.1 101 broadcast
r4(config-subif)#frame map ip 192.168.8.2 101 broadcast
r4(config-subif)#end
!!!the next command is short for clear frame-relay-inarp
r4#clear frame
r4#copy running-config startup-config


Look at the Inverse ARP table on r2 and r4. Verify connectivity as in Example 8-50. 


Example 8-50. Testing the Spoke Routers 


r2#show frame-relay map
Serial0.101 (up): ip 192.168.8.1 dlci 101(0x65,0x1850), static,
broadcast,
CISCO, status defined, active
Serial0.101 (up): ip 192.168.8.4 dlci 101(0x65,0x1850), static,
broadcast,
CISCO, status defined, active

r2#ping 192.168.8.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms

r4#ping 192.168.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.8.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/116/124 ms

r2#show ip bgp sum
BGP router identifier 192.168.8.2, local AS number 65520
BGP table version is 3, main routing table version 3
2 network entries and 2 paths using 242 bytes of memory
1 BGP path attribute entries using 96 bytes of memory
BGP activity 2/0 prefixes, 2/0 paths
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd


192.1683... 4 65520 23) 2aL 3 0 O O02 T8237 2 


Having a route to get to your destination and the physical transport, too, is obviously pretty 
important. Originally you set up your Frame Relay connection with a PVC from HQ to DC and VA 
as well as another from HQ to the other AS using multipoint subinterfaces. However, you were 
relying on Inverse ARP to get you through r1 to the other IBGP peer. Instead you needed not only 
the route reflector configuration but static map statements, too. 


NOTE 


Patience is the answer for BGP any way you configure it. I am not undermining it by any
means, but from a support standpoint, take time for a cup of tea and check your
configurations again. Always remember to use clear ip bgp with a specific address
where possible every time you make a change. On the other hand, check those layers.


Now that things are working all the way up the stack, glimpse at the BGP updates as in Example
8-51 so that you see what is going on when you issue clear ip bgp *. Feel free to show the clock
periodically to see the timing of things or just look at the time and date stamps from the service
timestamps debug output that you previously configured.


Example 8-51. BGP Routing Updates 


r1#debug ip bgp updates
BGP updates debugging is on
r1#show clock
22:08:39.825 UTC Fri Dec 13 2002
r1#clear ip bgp *
Dec 13 22:09:08.113: BGP: 192.168.8.2 computing updates, neighbor version 0, table
version 1, starting at 0.0.0.0
Dec 13 22:09:08.117: BGP: 192.168.8.2 update run completed, ran for 0ms, neighbor
version 0, start version 1, throttled to 1, check point net 0.0.0.0
Dec 13 22:09:08.121: BGP: 192.168.8.4 computing updates, neighbor version 0, table
version 1, starting at 0.0.0.0
Dec 13 22:09:08.125: BGP: 192.168.8.4 update run completed, ran for 0ms, neighbor
version 0, start version 1, throttled to 1, check point net 0.0.0.0
Dec 13 22:09:29.681: BGP: 172.16.8.6 computing updates, neighbor version 0, table
version 1, starting at 0.0.0.0
Dec 13 22:09:29.685: BGP: 172.16.8.6 update run completed, ran for 0ms, neighbor
version 0, start version 1, throttled to 1, check point net 0.0.0.0
Dec 13 22:09:57.957: BGP: nettable_walker 172.16.8.4/30 route sourced locally
Dec 13 22:09:57.961: BGP: nettable_walker 192.168.8.0/24 route sourced locally
Dec 13 22:09:57.961: BGP: 192.168.8.2 computing updates, neighbor version 1, table
version 3, starting at 0.0.0.0
Dec 13 22:09:57.965: BGP: 192.168.8.2 send UPDATE 172.16.8.4/30, next 192.168.8.1,
metric 0, path
Dec 13 22:09:57.969: BGP: 192.168.8.2 send UPDATE 192.168.8.0/24 (chgflags: 0x8),
next 192.168.8.1, path (before routemap/aspath update)
Dec 13 22:09:57.977: BGP: 192.168.8.2 1 updates enqueued (average=60, maximum=60)
Dec 13 22:09:57.977: BGP: 192.168.8.2 update run completed, ran for 12ms, neighbor
version 1, start version 3, throttled to 3, check point net 0.0.0.0
Dec 13 22:09:57.981: BGP: 192.168.8.4 computing updates, neighbor version 1, table
version 3, starting at 0.0.0.0
Dec 13 22:09:57.985: BGP: 192.168.8.4 send UPDATE 172.16.8.4/30, next 192.168.8.1,
metric 0, path
Dec 13 22:09:57.993: BGP: 192.168.8.4 send UPDATE 192.168.8.0/24 (chgflags: 0x8),
next 192.168.8.1, path (before routemap/aspath update)
Dec 13 22:09:57.997: BGP: 192.168.8.4 1 updates enqueued (average=60, maximum=60)
Dec 13 22:09:58.001: BGP: 192.168.8.4 update run completed, ran for 12ms, neighbor
version 1, start version 3, throttled to 3, check point net 0.0.0.0
Dec 13 22:09:59.101: BGP: 172.16.8.6 computing updates, neighbor version 1, table
version 3, starting at 0.0.0.0
Dec 13 22:09:59.105: BGP: 172.16.8.6 send UPDATE 172.16.8.4/30, next 172.16.8.5,
metric 0, path 65520
Dec 13 22:09:59.109: BGP: 172.16.8.6 send UPDATE 192.168.8.0/24 (chgflags: 0x8),
next 172.16.8.5, path (before routemap/aspath update)
Dec 13 22:09:59.117: BGP: 172.16.8.6 1 updates enqueued (average=57, maximum=57)
Dec 13 22:09:59.117: BGP: 172.16.8.6 update run completed, ran for 12ms, neighbor
version 1, start version 3, throttled to 3, check point net 0.0.0.0
r1#undebug all


After you have watched the BGP routing update process for a few minutes, you should have a
couple of occurrences of the nettable_walker process. It runs about every minute to populate the
routing table from the BGP table. Save your configurations to a file named tt1 bgp configs.


Congratulations. You have successfully configured BGP over Frame Relay NBMA. 


Trouble Ticket 2 Solution 


Assuming you are continuing from the preceding Trouble Ticket, first remove BGP and configure 
the loopbacks in Example 8-52. 


Example 8-52. Removing BGP and Configuring Loopback Addresses 


r1(config)#no router bgp 65520
r1(config)#interface loopback 8
r1(config-if)#ip address 1.1.1.1 255.255.255.0
r1(config-if)#no shut
r1(config-if)#end
r1#show ip protocols

r2(config)#no router bgp 65520
!!!lo8 is short for loopback 8
r2(config)#interface lo8
r2(config-if)#ip address 2.2.2.2 255.255.255.0
r2(config-if)#no shut
r2(config-if)#end
r2#show ip protocols

r4(config)#no router bgp 65520
r4(config)#interface lo8
r4(config-if)#ip address 4.4.4.4 255.255.255.0
r4(config-if)#no shut
r4(config-if)#end
r4#show ip protocols

r5(config)#no router bgp 65525
r5(config)#interface lo8
r5(config-if)#ip address 5.5.5.5 255.255.255.0
r5(config-if)#no shut
r5(config-if)#end
r5#show ip protocols


Now that you have completely removed BGP and verified that with the old-faithful show ip 
protocols command, configure OSPF, including the loopbacks, as in Example 8-53. 


Example 8-53. Configuring OSPF 


r1(config)#router ospf 1
r1(config-router)#network 192.168.8.0 0.0.0.255 area 8
r1(config-router)#network 1.1.1.0 0.0.0.255 area 8
r1(config-router)#end
r1#copy running-config startup-config

r2(config)#router ospf 1
r2(config-router)#network 192.168.8.0 0.0.0.255 area 8
r2(config-router)#network 2.2.2.0 0.0.0.255 area 8
r2(config-router)#end
r2#copy running-config startup-config

r4(config)#router ospf 1
r4(config-router)#network 192.168.8.0 0.0.0.255 area 8
r4(config-router)#network 4.4.4.0 0.0.0.255 area 8
r4(config-router)#end
r4#copy running-config startup-config


Verify OSPF connectivity between the routers in network 192.168.8.0 as in Example 8-54.


Example 8-54. Verifying OSPF 


r1#show ip ospf neighbor
r1#!!!no neighbors so no sense in looking for routes
r1#show ip ospf interface s0
r1#!!!appears that ospf not configured on int s0
r1#show run
interface Loopback8
ip address 1.1.1.1 255.255.255.0
no ip directed-broadcast
router ospf 1
network 1.1.1.0 0.0.0.255 area 8
network 192.168.8.0 0.0.0.255 area 8
end
r1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
r1#show ip ospf interface
Loopback8 is up, line protocol is up
Internet Address 1.1.1.1/24, Area 8
Process ID 1, Router ID 1.1.1.1, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host
Serial0.100 is up, line protocol is up
Internet Address 192.168.8.1/24, Area 8
Process ID 1, Router ID 1.1.1.1, Network Type NON_BROADCAST, Cost: 1562
Transmit Delay is 1 sec, State WAITING, Priority 1
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:18
Wait time before Designated router selection 00:01:39
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
r1#


For better or worse, I assume Layer 2 is alright because you just finished the preceding Trouble
Ticket. Like Example 8-54 illustrates, the next step is to see whether you have any OSPF neighbors
and if not, why not. Next I checked to make sure OSPF was configured on the interface with the
show ip ospf interface command, but actually I just looked at s0. Alternatively, you could use
show run. It looks like things are configured properly, so I issued a clear ip ospf process and,
sure enough, that did the trick. Well, almost. Look back at the output of show ip ospf interface
to find the real issue and fix it as in Example 8-55.


Example 8-55. OSPF Neighbors 


r1#show ip ospf neighbor
r1#configure terminal
r1(config)#router ospf 1
r1(config-router)#neighbor 192.168.8.2 ?
cost             OSPF cost for point-to-multipoint neighbor
database-filter  Filter OSPF LSA during synchronization and flooding for
                 point-to-multipoint neighbor
poll-interval    OSPF dead-router polling interval
priority         OSPF priority of non-broadcast neighbor
<cr>
r1(config-router)#neighbor 192.168.8.2
r1(config-router)#neighbor 192.168.8.4
r1(config-router)#end

r1#show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
N/A               0   ATTEMPT/DROTHER   00:01:48    192.168.8.4     Serial0.100
N/A               0   ATTEMPT/DROTHER   00:01:46    192.168.8.2     Serial0.100

r1#show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
N/A               0   ATTEMPT/DROTHER   00:01:44    192.168.8.4     Serial0.100
2.2.2.2           1   FULL/DR           00:01:58    192.168.8.2     Serial0.100

r1#!!!things are starting to happen now
r1#show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
N/A               0   ATTEMPT/DROTHER   00:01:40    192.168.8.4     Serial0.100
2.2.2.2           1   FULL/DR           00:01:59    192.168.8.2     Serial0.100

r1#show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
4.4.4.4           1   FULL/DR           00:01:59    192.168.8.4     Serial0.100
2.2.2.2           1   FULL/DROTHER      00:01:56    192.168.8.2     Serial0.100

r1#show ip ospf neighbor detail
Neighbor 4.4.4.4, interface address 192.168.8.4
In the area 8 via interface Serial0.100
Neighbor priority is 1, State is FULL, 7 state changes
DR is 192.168.8.4 BDR is 192.168.8.1
Poll interval 60
Options 2
Dead timer due in 00:01:32
Neighbor 2.2.2.2, interface address 192.168.8.2
In the area 8 via interface Serial0.100
Neighbor priority is 1, State is FULL, 7 state changes
DR is 192.168.8.2 BDR is 192.168.8.1
Poll interval 60
Options 2
Dead timer due in 00:01:54


Yes, there are issues with running OSPF over Frame Relay NBMA, as mentioned earlier in the
chapter. Personally, I would rather just configure point-to-point subinterfaces and be done with it,
but there are workarounds. One method is to manually specify the neighbor statements. Notice
that I only configured the neighbor statement on one end. However, it is a much better practice to
configure the neighbor statements on both ends so as not to leave anything to chance. Speaking
of leaving anything to chance, you do not have a full-mesh configuration here, so it is pretty
important that the hub router be the DR. Force r1 to be the DR for the serial interfaces by making
the other routers ineligible to become the DR as in Example 8-56. Configure the other neighbor
statements while you are at it. Watch the election process on r4.


Example 8-56. Forcing r1 to Become the DR


r2#show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
1.1.1.1           1   FULL/BDR          00:01:45    192.168.8.1     Serial0.101
r2#configure terminal
r2(config)#router ospf 1
r2(config-router)#neighbor 192.168.8.1
r2(config-router)#interface s0.101
r2(config-subif)#ip ospf priority 0
r2(config-subif)#end

r4#configure terminal
r4(config)#router ospf 1
r4(config-router)#neighbor 192.168.8.1
r4(config-router)#interface s0/0.101
r4(config-subif)#ip ospf priority 0
r4(config-subif)#end
r4#debug ip ospf adj
OSPF adjacency events debugging is on
Dec 13 23:37:18.150: OSPF: Rcv hello from 1.1.1.1 area 8 from Serial0/0.101
192.168.8.1
Dec 13 23:37:18.150: OSPF: Neighbor change Event on interface Serial0/0.101
Dec 13 23:37:18.154: OSPF: DR/BDR election on Serial0/0.101
Dec 13 23:37:18.154: OSPF: Elect BDR 1.1.1.1
Dec 13 23:37:18.154: OSPF: Elect DR 1.1.1.1
Dec 13 23:37:18.154: DR: 1.1.1.1 (Id) BDR: 1.1.1.1 (Id)
Dec 13 23:37:18.154: OSPF: Send DBD to 1.1.1.1 on Serial0/0.101 seq 0xFDD opt 0x2
flag 0x7 len 32
Dec 13 23:37:18.154: OSPF: End of hello processing
Dec 13 23:37:18.190: OSPF: Rcv DBD from 1.1.1.1 on Serial0/0.101 seq 0xDB6 opt 0x2
flag 0x7 len 32 state EXSTART
Dec 13 23:37:18.190: OSPF: First DBD and we are not SLAVE
Dec 13 23:37:18.694: OSPF: Build router LSA for area 8, router ID 4.4.4.4
Dec 13 23:37:23.154: OSPF: Retransmitting DBD to 1.1.1.1 on Serial0/0.101
Dec 13 23:37:23.154: OSPF: Send DBD to 1.1.1.1 on Serial0/0.101 seq 0xFDD opt 0x2
flag 0x7 len 32
Dec 13 23:37:23.190: OSPF: Rcv DBD from 1.1.1.1 on Serial0/0.101 seq 0xDB6 opt 0x2
flag 0x7 len 32 state EXSTART
Dec 13 23:37:23.190: OSPF: First DBD and we are not SLAVE
Dec 13 23:37:23.222: OSPF: Rcv DBD from 1.1.1.1 on Serial0/0.101 seq 0xFDD opt 0x2
flag 0x2 len 132 state EXSTART
Dec 13 23:37:23.222: OSPF: NBR Negotiation Done. We are the MASTER
Dec 13 23:37:23.222: OSPF: Send DBD to 1.1.1.1 on Serial0/0.101 seq 0xFDE opt 0x2
flag 0x3 len 132
Dec 13 23:37:23.286: OSPF: Rcv DBD from 1.1.1.1 on Serial0/0.101 seq 0xFDE opt 0x2
flag 0x0 len 32 state EXCHANGE
Dec 13 23:37:23.[illegible]: OSPF: Send DBD to 1.1.1.1 on Serial0/0.101 seq 0xFDF opt 0x2
flag 0x1 len 32
Dec 13 23:37:23.[illegible]: OSPF: Rcv DBD from 1.1.1.1 on Serial0/0.101 seq 0xFDF opt 0x2
flag 0x0 len 32 state EXCHANGE
Dec 13 23:37:23.326: OSPF: Exchange Done with 1.1.1.1 on Serial0/0.101
Dec 13 23:37:23.326: OSPF: Synchronized with 1.1.1.1 on Serial0/0.101, state FULL
Dec 13 23:37:23.654: OSPF: Build router LSA for area 8, router ID 4.4.4.4
Dec 13 23:37:28.654: OSPF: Build router LSA for area 8, router ID 4.4.4.4
r4#show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
1.1.1.1           1   FULL/DR           00:01:46    192.168.8.1     Serial0/0.101
Dec 13 23:37:48.270: OSPF: Rcv hello from 1.1.1.1 area 8 from Serial0/0.101
192.168.8.1
Dec 13 23:37:48.270: OSPF: Neighbor change Event on interface Serial0/0.101
Dec 13 23:37:48.270: OSPF: DR/BDR election on Serial0/0.101
Dec 13 23:37:48.270: OSPF: Elect BDR 0.0.0.0
Dec 13 23:37:48.274: OSPF: Elect DR 1.1.1.1
Dec 13 23:37:48.274: DR: 1.1.1.1 (Id) BDR: none
Dec 13 23:37:48.274: OSPF: End of hello processing
Dec 13 23:37:48.774: OSPF: Build router LSA for area 8, router ID 4.4.4.4
r4#undebug all

r1#show ip ospf neighbor
Neighbor ID     Pri   State             Dead Time   Address         Interface
4.4.4.4           0   FULL/DROTHER      00:01:46    192.168.8.4     Serial0.100
2.2.2.2           0   FULL/DROTHER      00:01:38    192.168.8.2     Serial0.100


Observe the preceding output of show ip ospf neighbor on each of the routers to note that both
r2 and r4 are in a full state with the DR (r1). Likewise, from r1's perspective it is in a full state
with the DRothers. The clear ip ospf process command was not necessary here because
changing the priority to 0 forced the election to occur. Had you set r1 with a higher priority,
clearing the OSPF process or bouncing the interface would have been an effective way to trigger
the election. However, on r4 the version of code doesn't support the clear ip ospf command
anyway. The debug ip ospf adj command enabled you to watch the stages of the election
process.

I find it more helpful for troubleshooting to manually configure the router ID (RID). In the
preceding example, the loopbacks should take precedence unless OSPF was configured before you
created them. The problem with making changes to the RID is that it normally doesn't take effect
until you reload the router (or restart the OSPF process). I can get away with that in a test
environment, but that is not always a choice in a practical environment. Example 8-57 illustrates
how to hard code the RIDs.


Example 8-57. Hard Coding the RIDs


r1(config)#router ospf 1
r1(config-router)#router-id ?
  A.B.C.D  OSPF router-id in IP address format
r1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
r1(config-router)#end
r1#copy running-config startup-config

r2(config)#router ospf 1
r2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
r2(config-router)#end
r2#copy running-config startup-config

r4(config)#router ospf 1
r4(config-router)#router-id 4.4.4.4
                  ^
% Invalid input detected at '^' marker.
r4(config-router)#end
r4#show ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-D-M), Version 11.3(9)T, RELEASE SOFTWARE (fc1)
r4#!!!ios version issue


After hard coding the RID in Example 8-57, the IOS told you to reload or clear the OSPF process
for the new RID to take effect. Alternatively, you could try a no router ospf 1 instead in cases
where the IOS version does not support the clear ip ospf process command. Review your
neighbors and OSPF tables in Example 8-58 after your OSPF processes reset.


Example 8-58. Viewing OSPF Neighbors, Processes, and Databases 


r1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/DROTHER    00:01:44    192.168.8.4     Serial0.100
2.2.2.2           0   FULL/DROTHER    00:01:48    192.168.8.2     Serial0.100
r2#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:01:57    192.168.8.1     Serial0.101
r4#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:01:52    192.168.8.1     Serial0/0.101
r4#show ip ospf neighbor detail
 Neighbor 1.1.1.1, interface address 192.168.8.1
    In the area 8 via interface Serial0/0.101
    Neighbor priority is 1, State is FULL
    DR is 192.168.8.1 BDR is 0.0.0.0
    Poll interval 60
    Options 2
    Dead timer due in 00:01:48
r4>
r1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Supports only single TOS(TOS0) routes
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area 8
        Number of interfaces in this area is 2
        Area has no authentication
        SPF algorithm executed 4 times
        Area ranges are
        Number of LSA 7. Checksum Sum 0x30C32
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
r1#show ip ospf database
       OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 8)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         711         0x80000002 0x1FF1   2
2.2.2.2         2.2.2.2         706         0x80000008 0x3FA    2
4.4.4.4         4.4.4.4         155         0x8000000A 0xDE03   2

                Net Link States (Area 8)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.8.1     1.1.1.1         711         0x80000001 0xE4BE


The first shaded output shows the new RID in the Neighbor ID column, then the neighbor priority,
the DR state, the timers, and the actual neighbor interface address is listed in the Address column
with the corresponding neighbor interface to the right. After I analyzed the neighbors, I looked at
how OSPF was configured with show ip ospf and the link-state database with show ip ospf
database. With serial interfaces, each interface is considered a link rather than just the wire
between them, which is why you see two links in the database for each address. When supporting
OSPF, you must have neighbors and link states before you get any OSPF routes in your routing
table.

Next configure a default route in Example 8-59 on r1 to get to the outside world (meaning the 
other AS). Have OSPF advertise a default route to r2 and r4 as in Example 8-58, but do not 
configure a default route on r2 and r4 themselves. 


Example 8-59. Configuring a Default Route on r1


r1#configure terminal
r1(config)#ip route 0.0.0.0 0.0.0.0 s0.105
r1(config)#end
r1#copy running-config startup-config
r1#show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback8
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/1563] via 192.168.8.2, 00:12:22, Serial0.100
C    192.168.8.0/24 is directly connected, Serial0.100
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/1563] via 192.168.8.4, 00:12:22, Serial0.100
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.8.4 is directly connected, Serial0.105
S*   0.0.0.0/0 is directly connected, Serial0.105


You configured the default route on r1 to send all unknown packets out interface s0.105. This
resulted in setting the gateway of last resort and the S* entry in the routing table. Although r1
now has a route to get to the other networks, the remote devices do not have a return route. Now
have r1 advertise a default route via OSPF into the spoke routers r2 and r4 in Example 8-60.


Example 8-60. Advertising Default Routes into the Spoke Routers 


r1#configure terminal
r1(config)#router ospf 1
r1(config-router)#default-information originate ?
  always       Always advertise default route
  metric       OSPF default metric
  metric-type  OSPF metric type for default routes
  route-map    Route-map reference
  <cr>
r1(config-router)#default-information originate always
r1(config-router)#end
r1#copy running-config startup-config
r1#clear ip ospf process
Reset ALL OSPF processes? [no]: y


View the OSPF external routes (E2) in the routing tables of r2 and r4, as in Example 8-61. 


Example 8-61. Advertising Default Routes into the Spoke Routers 


r2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is 192.168.8.1 to network 0.0.0.0
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/1563] via 192.168.8.1, 00:00:15, Serial0.101
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback8
C    192.168.8.0/24 is directly connected, Serial0.101
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/1563] via 192.168.8.4, 00:00:15, Serial0.101
O*E2 0.0.0.0/0 [110/1] via 192.168.8.1, 00:00:15, Serial0.101

r4#show ip route
Gateway of last resort is 192.168.8.1 to network 0.0.0.0
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/1563] via 192.168.8.1, 00:02:07, Serial0/0.101
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/1563] via 192.168.8.2, 00:02:07, Serial0/0.101
C    192.168.8.0/24 is directly connected, Serial0/0.101
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback8
O*E2 0.0.0.0/0 [110/1] via 192.168.8.1, 00:02:07, Serial0/0.101


Now that the spoke routers have learned a default route via OSPF, they should be able to ping
outside of the specific networks in their routing tables. Ping is a two-way street, however, and you
need to make sure the echo replies can return. Therefore, in Example 8-62 configure a static route
on r5 to get to the 192.168.8.0 network using r1 as the next hop before you start your ping
testing.


Example 8-62. Configuring a Static Route on r5


r5#configure terminal
r5(config)#ip route 192.168.8.0 255.255.255.0 172.16.8.5
r5(config)#end
r5#show ip route
Gateway of last resort is not set
S    192.168.8.0/24 [1/0] via 172.16.8.5
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback8
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.8.4 is directly connected, Serial0.101


Fix any other issues, save your configurations, and test things out using the loopbacks as in 
Example 8-63. 


Example 8-63. Testing the OSPF Configurations 


r1#copy running-config startup-config
r1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
r1#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
r1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms

r2#copy running-config startup-config
r2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
r2#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms
r2#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/116 ms

r4#copy running-config startup-config
r4#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
r4#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/118/128 ms
r4#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms

r5#copy running-config startup-config
r5#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)


Looks like everything is fine until you get to r5. Analyze the routing table, fix the problem, and 
continue testing in Example 8-64. 


Example 8-64. Analyzing, Fixing, and Testing r5 


r5#show ip route
Gateway of last resort is not set
S    192.168.8.0/24 [1/0] via 172.16.8.5
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback8
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.8.4 is directly connected, Serial0.101
r5#configure terminal
r5(config)#ip route 0.0.0.0 0.0.0.0 s0.101
r5(config)#end
r5#show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S    192.168.8.0/24 [1/0] via 172.16.8.5
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback8
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.8.4 is directly connected, Serial0.101
S*   0.0.0.0/0 is directly connected, Serial0.101
r5#show ip protocols
r5#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
r5#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/120 ms
r5#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms


You would have been successful had you used the 192.168.8.0 network for your ping tests. 
Remember that r5 is not running a routing protocol at all and is relying on static and default 
routes to get to the couple of networks it needs to communicate with. In Example 8-65, perform a 
traceroute from r5 to r4 to see once again how the frame switch is transparent to routing. 


Example 8-65. Trace from r5 to r4 


r5#trace 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
  1 172.16.8.5 28 msec 28 msec 28 msec
  2 192.168.8.4 56 msec 56 msec *


Save your configurations to a file named tt2 ospf configs. 


Congratulations. You have successfully configured OSPF over Frame Relay NBMA using static 
neighbor statements. 
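
The ping results in Examples 8-63 and 8-64 follow from two lookups: the sender needs a route to the destination, and the destination needs a route back to the address the echo was sourced from. The following added example (not from the book) models r1, r2, and r5 from the routing tables shown above; the function names are hypothetical, r4 is left out for brevity, and transit hops are assumed to forward correctly.

```python
import ipaddress


def build_lab(r5_static=True, r5_default=False):
    """Constructed model of the lab: interface addresses plus non-connected routes.

    r5's serial address 172.16.8.6 is the only other host address in the
    172.16.8.4/30 subnet that r1 (172.16.8.5) sits on.
    """
    lab = {
        "r1": {"ifs": {"Loopback8": "1.1.1.1/24",
                       "Serial0.100": "192.168.8.1/24",
                       "Serial0.105": "172.16.8.5/30"},
               "routes": [("2.2.2.2/32", "Serial0.100"),
                          ("4.4.4.4/32", "Serial0.100"),
                          ("0.0.0.0/0", "Serial0.105")]},
        "r2": {"ifs": {"Loopback8": "2.2.2.2/24",
                       "Serial0.101": "192.168.8.2/24"},
               "routes": [("1.1.1.1/32", "Serial0.101"),
                          ("4.4.4.4/32", "Serial0.101"),
                          ("0.0.0.0/0", "Serial0.101")]},
        "r5": {"ifs": {"Loopback8": "5.5.5.5/24",
                       "Serial0.101": "172.16.8.6/30"},
               "routes": []},
    }
    if r5_static:   # Example 8-62
        lab["r5"]["routes"].append(("192.168.8.0/24", "Serial0.101"))
    if r5_default:  # Example 8-64
        lab["r5"]["routes"].append(("0.0.0.0/0", "Serial0.101"))
    return lab


def table(router):
    """Connected networks derived from the interfaces, plus the listed routes."""
    rows = [(ipaddress.ip_interface(addr).network, name)
            for name, addr in router["ifs"].items()]
    rows += [(ipaddress.ip_network(prefix), egress)
             for prefix, egress in router["routes"]]
    return rows


def lookup(router, dst):
    """Longest-prefix match; returns (network, egress interface) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, egress) for net, egress in table(router) if dst in net]
    return max(hits, key=lambda hit: hit[0].prefixlen) if hits else None


def owner(lab, addr):
    """Name of the router that has addr configured on an interface."""
    for name, router in lab.items():
        if any(str(ipaddress.ip_interface(a).ip) == addr
               for a in router["ifs"].values()):
            return name
    return None


def ping(lab, src_router, dst):
    """Check the forward route at the sender and the return route at the target."""
    forward = lookup(lab[src_router], dst)
    if forward is None:
        return (False, f"{src_router} has no route to {dst}")
    # IOS sources the echo from the egress interface unless told otherwise.
    src_ip = str(ipaddress.ip_interface(lab[src_router]["ifs"][forward[1]]).ip)
    dst_router = owner(lab, dst)
    if dst_router is None:
        return (False, f"{dst} is not configured on any modeled router")
    back = lookup(lab[dst_router], src_ip)
    if back is None:
        return (False, f"{dst_router} has no return route to {src_ip}")
    return (True, f"echo sourced from {src_ip}, reply routed via {back[0]}")


if __name__ == "__main__":
    before = build_lab(r5_static=True, r5_default=False)
    for router, target in [("r1", "5.5.5.5"), ("r2", "5.5.5.5"),
                           ("r5", "1.1.1.1"), ("r5", "192.168.8.1")]:
        print(router, "->", target, ping(before, router, target))
    print("after default:", ping(build_lab(r5_default=True), "r5", "1.1.1.1"))
```
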


Trouble Ticket 3 Solution 


Instead of using static neighbor statements in the preceding Trouble Ticket, you could have
configured the ip ospf network type as in Example 8-66.


Example 8-66. Configuring the ip ospf network Type 


r1(config)#router ospf 1
r1(config-router)#no neighbor 192.168.8.2
r1(config-router)#no neighbor 192.168.8.4
r1(config)#end
r1#configure terminal
r1(config)#interface s0.100
r1(config-subif)#ip ospf network ?
  broadcast            Specify OSPF broadcast multi-access network
  non-broadcast        Specify OSPF NBMA network
  point-to-multipoint  Specify OSPF point-to-multipoint network
  point-to-point       Specify OSPF point-to-point network
r1(config-subif)#ip ospf network point-to-multipoint
r1(config-subif)#end
r1#copy running-config startup-config

r2#configure terminal
r2(config)#router ospf 1
r2(config-router)#no neighbor 192.168.8.1
r2#configure terminal
r2(config)#interface s0.101
r2(config-subif)#ip ospf network point-to-multipoint
r2(config-subif)#end
r2#copy running-config startup-config

r4#configure terminal
r4(config)#router ospf 1
r4(config-router)#no neighbor 192.168.8.1
r4#configure terminal
r4(config)#interface s0/0.101
r4(config-subif)#ip ospf network point-to-multipoint
r4(config-subif)#end
r4#copy running-config startup-config


First I removed the static neighbor statements and then added the ip ospf network point-to-point
command to r1, r2, and r4. This is not necessary on r5 because it has a point-to-point
subinterface rather than multipoint. Verify your OSPF neighbors and ensure your pings still work
as in Example 8-67.


Example 8-67. Verifying OSPF Neighbors 


r1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/  -        00:01:59    192.168.8.2     Serial0.100
4.4.4.4           0   FULL/  -        00:01:59    192.168.8.4     Serial0.100


Using this method does not require manual neighbor statements or a DR/BDR election. All ping
tests should succeed. During this Trouble Ticket, I made a mistake and created an extraneous
subinterface. Remove it in Example 8-68.


Example 8-68. Deleting a Subinterface 


r1#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
Ethernet0      unassigned      YES unset  administratively down down
Ethernet1      unassigned      YES unset  administratively down down
Loopback8      1.1.1.1         YES NVRAM  up                    up
Serial0        unassigned      YES unset  up                    up
Serial0.100    192.168.8.1     YES NVRAM  up                    up
Serial0.101    unassigned      YES unset  up                    up
Serial0.105    172.16.8.5      YES NVRAM  up                    up
Serial1        unassigned      YES unset  administratively down down
r1#configure terminal
r1(config-if)#no interface s0.101
% Not all config may be removed and may reappear after reactivating the
sub-interface
r1(config)#end
r1#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
Ethernet0      unassigned      YES unset  administratively down down
Ethernet1      unassigned      YES unset  administratively down down
Loopback8      1.1.1.1         YES NVRAM  up                    up
Serial0        unassigned      YES unset  up                    up
Serial0.100    192.168.8.1     YES NVRAM  up                    up
Serial0.101    unassigned      YES unset  deleted               down
Serial0.105    172.16.8.5      YES NVRAM  up                    up
Serial1        unassigned      YES unset  administratively down down
r1#copy running-config startup-config
r1#reload
Proceed with reload? [confirm]
01:09:21: %SYS-5-RELOAD: Reload requested
r1>show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
Ethernet0      unassigned      YES unset  administratively down down
Ethernet1      unassigned      YES unset  administratively down down
Loopback8      1.1.1.1         YES NVRAM  up                    up
Serial0        unassigned      YES unset  up                    up
Serial0.100    192.168.8.1     YES NVRAM  up                    up
Serial0.105    172.16.8.5      YES NVRAM  up                    up
Serial1        unassigned      YES unset  administratively down down


The moral of this story is that you have to reload the router to completely get rid of the unwanted 
subinterface. Save your configurations to a file named tt3 ospf configs. 


Trouble Ticket 4 Solution 


Example 8-69 starts by making sure all DLCIs are active before any changes are made. Shut down 
the serial interfaces on r3 (the frame switch) and observe the results. 


Example 8-69. Observing Service Provider Issues with the Frame Switch Shut Down


r1#show frame-relay map
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, active
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, active
Serial0.105 (up): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status defined, active

frameswitch#configure terminal
frameswitch(config)#interface s0/0
frameswitch(config-if)#shut
frameswitch(config-if)#interface s0/1
frameswitch(config-if)#shut
frameswitch(config-if)#interface s0/2
frameswitch(config-if)#shut
frameswitch(config-if)#interface s0/3
frameswitch(config-if)#shut

r1#show frame-relay map
Serial0.100 (down): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status deleted
Serial0.100 (down): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status deleted
Serial0.105 (down): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status deleted

r2#show frame-relay map
Serial0.101 (down): ip 192.168.8.1 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted
Serial0.101 (down): ip 192.168.8.4 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted


Notice how I tested to make sure things worked to begin with before I started experimenting. The
key word here is deleted. This is a service provider issue. The DLCIs were once there but no longer
are or perhaps they were never configured. Bring only the s0/0 interface up and observe the
results in Example 8-70.


Example 8-70. Observing Service Provider Issues with s0/0 Up


frame-switch(config)#interface s0/0
frame-switch(config-if)#no shut
frame-switch(config-if)#end
!!!first look at the r1 end for dlci 102
r1#show frame-relay map
Serial0.100 (down): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, inactive
Serial0.100 (down): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, inactive
Serial0.105 (down): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status defined, inactive
!!!then look at the r2 end for the same pvc
r2#show frame-relay map
Serial0.101 (down): ip 192.168.8.1 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted
Serial0.101 (down): ip 192.168.8.4 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted


The effect of bringing up the s0/0 interface on the frame switch changed the DLCI to an inactive
state on the local r1 side. However, the other end of the PVC on r2 is still deleted. Make sure you
bring all the interfaces up again before you start the next Trouble Ticket.


Trouble Ticket 5 Solution 


First you should play the role of the service provider and mix up the DLCIs as in Example 8-71.
Remove the correct route statement and then route what comes in the r3 interface s0/1 as DLCI
102 out the s0/0 interface as DLCI 101.


Example 8-71. Misconfiguring the DLCIs 


frame-switch#configure terminal
frame-switch(config)#interface s0/1
frame-switch(config-if)#no frame route 101 interface s0/0 102
frame-switch(config-if)#frame route 102 interface s0/0 101
!!!first look at the frame switch for dlci 102
frame-switch#show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial0/0       102             Serial0/1       101             inactive
Serial0/0       104             Serial0/2       101             active
Serial0/0       105             Serial0/3       101             active
Serial0/1       102             Serial0/0       101             inactive
Serial0/2       101             Serial0/0       104             active
Serial0/3       101             Serial0/0       105             active
!!!now look at the r1 end for dlci 102
r1#show frame-relay map
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, inactive
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, active
Serial0.105 (up): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status defined, active
r1#show frame-relay pvc 102
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0.100
  input pkts 49            output pkts 45           in bytes 4108
  out bytes 3944           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:13:55, last time pvc status changed 00:01:15
!!!now look at the r2 end for dlci 102
r2#show frame-relay map
Serial0.101 (down): ip 192.168.8.1 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted
Serial0.101 (down): ip 192.168.8.4 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted


The frame switch shows inactive frame routes for PVC 102. r1 shows an inactive state, too.
However, r2 is more local to the problem in the cloud and shows a deleted state for DLCI 102. You
know it was once there because you configured it, but something mysteriously happened in the
cloud. Fix the service provider issues in Example 8-72.


Example 8-72. Fixing the Frame Route Statement in the Cloud 


frame-switch(config)#interface s0/1
frame-switch(config-if)#frame route 101 interface s0/0 102
frameswitch(config-if)#no frame route 102 interface s0/0 101
frameswitch(config-if)#end
r1#show frame-relay map
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, active
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, active
Serial0.105 (up): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status defined, active
r2#show frame-relay map
Serial0.101 (up): ip 192.168.8.1 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status defined, active
Serial0.101 (up): ip 192.168.8.4 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status defined, active
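
Trouble Tickets 4 and 5 both come down to reading the PVC status at each end of the circuit and starting where the status is worst. The following added example (not from the book) parses show frame-relay map output from both routers and applies that reasoning; the sample text is a cleaned-up copy of the r1 and r2 output in Example 8-71, and the function and constant names are hypothetical.

```python
import re

# Constructed sample input: cleaned-up r1 and r2 output from the
# misconfigured-DLCI trouble ticket above.
R1_MAP = """\
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, inactive
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, active
Serial0.105 (up): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status defined, active
"""
R2_MAP = """\
Serial0.101 (down): ip 192.168.8.1 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted
Serial0.101 (down): ip 192.168.8.4 dlci 101(0x65,0x1850), static,
              broadcast,
              CISCO, status deleted
"""

# First line of a map entry: interface, line state, peer (or point-to-point), DLCI.
ENTRY = re.compile(
    r"^(?P<intf>\S+)\s*\((?P<line>up|down)\):\s*"
    r"(?:ip\s+(?P<ip>\d+(?:\.\d+){3})|point-to-point dlci,)\s*"
    r"dlci\s+(?P<dlci>\d+)\s*\("
)
# The status can sit on the first line or on a continuation line.
STATUS = re.compile(r"status\s+(?:defined,\s*)?(?P<status>active|inactive|deleted)\b")

# What each status points to, following the chapter's reasoning.
NEXT_CHECK = {
    "active": "PVC is up end to end; if pings still fail, compare per-PVC "
              "settings such as payload compression on both routers",
    "inactive": "the switch knows this DLCI but the far end of the PVC is not "
                "up; look at the remote router and its side of the cloud",
    "deleted": "the switch is not reporting this DLCI; check the access link "
               "and the provider's DLCI and frame route configuration",
}
SEVERITY = {"active": 0, "inactive": 1, "deleted": 2}


def parse_frame_relay_map(text):
    """Return one dict per map entry, joining the wrapped continuation lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        start = ENTRY.match(line)
        if start:
            current = {
                "interface": start["intf"],
                "line": start["line"],
                "peer": start["ip"] or "point-to-point",
                "dlci": int(start["dlci"]),
                "status": None,
            }
            entries.append(current)
        if current is not None and current["status"] is None:
            found = STATUS.search(line)
            if found:
                current["status"] = found["status"]
    return entries


def pvc_status(entries, peer):
    """Status of the map entry toward a peer IP address, or None if unmapped."""
    for entry in entries:
        if entry["peer"] == peer:
            return entry["status"]
    return None


def where_to_start(ends):
    """ends maps router name to PVC status; return the routers with the worst one."""
    worst = max(SEVERITY[status] for status in ends.values())
    if worst == 0:
        return []
    return sorted(name for name, status in ends.items() if SEVERITY[status] == worst)


if __name__ == "__main__":
    ends = {
        "r1": pvc_status(parse_frame_relay_map(R1_MAP), "192.168.8.2"),
        "r2": pvc_status(parse_frame_relay_map(R2_MAP), "192.168.8.1"),
    }
    for router in where_to_start(ends):
        print(f"start at {router} ({ends[router]}): {NEXT_CHECK[ends[router]]}")
```
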


Trouble Ticket 6 Solution 


Turn on Frame Relay compression on r1 as in Example 8-73.


Example 8-73. Frame Relay Compression on r1


r1(config)#interface s0.105
r1(config-subif)#frame-relay payload-compression packet-by-packet
r1(config-subif)#end
r1#show frame-relay map
Serial0.100 (up): ip 192.168.8.2 dlci 102(0x66,0x1860), static,
              broadcast,
              CISCO, status defined, active
Serial0.100 (up): ip 192.168.8.4 dlci 104(0x68,0x1880), static,
              broadcast,
              CISCO, status defined, active
Serial0.105 (up): point-to-point dlci, dlci 105(0x69,0x1890), broadcast
          status defined, active
r1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Success rate is 0 percent (0/5)
r5#show frame-relay map
Serial0.101 (up): point-to-point dlci, dlci 101(0x65,0x1850), broadcast
          status defined, active
r5#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)


The frame maps look fine, but mismatched compression types do not enable you to communicate. 
Turn compression on for r5, the other end of the PVC, as in Example 8-74. 


Example 8-74. Frame Relay Compression on Both Ends of the PVC 


r5#configure terminal
r5(config)#interface s0.101
r5(config-subif)#frame-relay payload-compression packet-by-packet
r5(config-subif)#end
r5#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms


Now that things are successful, turn frame compression off as in Example 8-75. 


Example 8-75. Removing Frame Relay Compression on Both Ends 


r5#configure terminal
r5(config)#interface s0.101
r5(config-subif)#no frame-relay payload-compression packet-by-packet
r5(config-subif)#end
r1#configure terminal
r1(config)#interface s0.105
r1(config-subif)#no frame-relay payload-compression packet-by-packet
r1(config-subif)#end
!!!making sure you can ping
r1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms


Compression works if configured the same on both ends, but many times it works best not 
configured at all. 


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1. Can a single Frame Relay PVC be assigned different DLCIs on each end of a virtual
   circuit?

2. What are the three possible states for a Frame Relay PVC? Explain.

3. What is the result if one end of the PVC is set to the default Cisco LMI type and the
   other end is set to ANSI or Q933A?

4. Can you ping yourself in Frame Relay? Why or why not?

5. Headquarters is connected to several branch office routers through a Frame Relay
   cloud. You know for a fact that the hub router is version 12.1, but you are not sure
   about all the remotes. Keepalive activity is occurring at most of the remote offices but
   not all of them. What should you check?

6. Headquarters is connected to several branch office routers through a Frame Relay
   cloud. The engineer at one of the branch offices is having problems communicating
   with another branch office. How can you help him out?

7. Explain the output of show frame-relay map in the following example:

   r1#show frame-relay map
   Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), dynamic,
                 broadcast,, status defined, active

8. You have decided to contact your service provider about getting a higher CIR to
   allocate more bandwidth because you have been experiencing consistent problems
   with dropped packets due to congestion on the PVC. What command did you use to
   determine this?

9. In an all-Cisco-shop Frame Relay, Cisco encapsulation is fine. What Frame Relay
   encapsulation type is available for other vendors?

10. Point-to-point subinterfaces are often used in configuring Frame Relay to avoid the
    routing issues with main interfaces and multipoint configurations. Do you need an IP
    address on the main interface if using point-to-point subinterfaces?

11. How does a router get a DLCI?

12. You are attempting to fix a bad IP address on a Frame Relay interface, but the
    mapping is still showing the old address. What should you do?


Summary 


Layer 2 WAN issues boil down to some pretty basic troubleshooting. Interfaces and controllers
are the main targets. For example, if serial x is down and the line protocol is down, check the
following:

• Cable
• Interface
• CSU/DSU
• Service provider issues

If serial x is up and the line protocol is down, check the following:

• Clocking and DTE/DCE cable/interface
• Encapsulation
• LMI type
• Other Frame Relay configuration
• Loopback tests
• Service provider issues

Frame Relay is a Layer 2 edge technology that is economic, scalable, manageable, and optimal
for the public or private WAN. Connections are through virtual circuits. The entire path is known
up front (PVC), and the big advantage to this is not having to set up and tear down the circuits.
Unlike its predecessor, X.25, Frame Relay has error detection at Layer 2 but leaves the error
correction up to the upper layers. Figure 8-14 shows a pictorial review of troubleshooting Frame
Relay.


Figure 8-14. Frame Relay Troubleshooting Review 

This chapter focused on real-world WAN issues relating to Frame Relay at Layer 2 with specific
routing protocol issues at the upper layers as a result of the NBMA topology. The next chapter
continues to focus on troubleshooting WAN issues to continue to build your troubleshooting
skills.


Chapter 9. Shooting Trouble with HDLC, PPP, ISDN BRI, and Dial Backup


This chapter addresses various CCNP Support WAN topics. It includes scenarios and Trouble 
Tickets for High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), Integrated 
Services Digital Network Basic Rate Interface (ISDN BRI), and Dial Backup. It is assumed you 
have internetworking experience particularly with IP and routing protocols in the WAN. You will 
analyze these WAN technologies individually and together for more practical application. This 
chapter in combination with the previous chapters prepares you for the next chapter and 
practical internetwork support where you must integrate various skills and predefined 
troubleshooting methods to solve numerous issues. 


In supporting the WAN, many times the battle is deciding whether the problem is in fact yours or 
whether it is a service provider issue. You will analyze real-world WAN issues, identify 
troubleshooting targets, and document the results using ping, trace, show, clear, debug and 
other troubleshooting utilities. Gain practical experience by following the text, figures, and 
examples or use my guidelines to build the scenarios and Trouble Tickets yourself. 


This chapter covers the following topics: 


• Scenario: Shooting Trouble on the WAN
• WAN Terminology
• HDLC
• PPP
• ISDN BRI
• Dial-on-Demand Routing
• Dial Backup
• Trouble Tickets
• Trouble Ticket Solutions


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at 
www.ciscopress.com/1587200570, you may want to download some of the programs 
listed in Table I-1 in the Introduction. 


Scenario: Shooting Trouble on the WAN 


This chapter uses some of the same devices you have been working with throughout the book. 
First you need to adjust your physical topology as shown in Figure 9-1. You will then work on 
Layer 2, Layer 3, and so on. The Trouble Tickets in Chapter 8, "Shooting Trouble with Frame 
Relay," covered Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), and Frame 
Relay troubles using multipoint and point-to-point subinterfaces. For a little variety, you will 
work with Enhanced Interior Gateway Routing Protocol (EIGRP) and Intermediate System-to-
Intermediate System (IS-IS) on the WAN in this chapter.


Figure 9-1. Shooting Trouble on the WAN 

Do your homework up front if you plan to set up the ISDN labs. Unfortunately, there is
no back-to-back cable plan for ISDN, so you need an ISDN switch or ISDN simulator of
some type. Keep in mind that if your BRI ports are S/T, which most 2500 ports are,
you need NT1s depending on the specific capabilities of your ISDN switch or simulator.
For more details, see the "ISDN BRI" section. One of the most economical solutions I
found for a simulator is at www.cheapisdn.com.


The scenario goal is for you to modify your existing configuration or start from scratch to build a
scenario that you can continue to build off of with the various WAN topics. Do that now using the
following guidelines. Add router 6 (r6), and redeploy r1 through r5 so that they are best utilized
for the appropriate LAN and WAN interface requirements. Just remember to label your devices as
in Figure 9-1 if you make any physical changes so that you can follow along with the chapter.
Connect r5s1 to r6s1 using a back-to-back serial cable. My r6 is a 2520. However, you can use
whatever has the correct number of interfaces for the scenarios. It is preferred that r5 and r6
both have an ISDN BRI interface for later use. All data links should be using the default
encapsulation type to transport IP and EIGRP autonomous system 109. I am restricting you to
subnet 0; 192.168.9.0/27 for now.


Draw a picture of the physical layout and label the pertinent items as in Figure 9-1. After the 
physical connectivity, configure all routers starting with r1. My instructions start from the ending 
configurations of Chapter 8. Change the routing protocol from OSPF to EIGRP, the encapsulation 
from Frame Relay to HDLC, and account for the new routers and addresses as in Example 9-1. 


There is not always one right or wrong way to accomplish the tasks presented. The ability to 
obtain the end result using good practices is extremely important in any real-world network. My 
troubleshooting and device configurations are presented starting in Example 9-1 so that you can 
compare your work and perhaps see a different approach to obtaining the end result. Use the 
previous checklists, your step-by-step troubleshooting methodology, and the WAN checklist in 
Table 9-1 to assist in testing. Frame Relay is not included in this checklist but was covered back
in Chapter 8.


Table 9-1. WAN Quick Troubleshooting Checklist 


Isolating Problems | Commands and Symptoms

Ping is a quick initial test for any troubleshooting. Extended ping gives you more options. | ping

Trace is ping's companion test for connectivity and performance. Extended trace gives you more options. | traceroute

Check Physical Layer status and clocking. | show controllers s 0; show controllers bri 0; show controllers t 1

Check interface status and encapsulation. | show ip interface brief; show interfaces [interface]; show interfaces s0; show interfaces bri0 [1 | 2]; show ip interfaces [interface]; show cdp neighbors [detail]; clear interface ?; clear counters

Monitor using date and time stamps for logging and debug activity. | service timestamps debug datetime localtime msec; service timestamps log datetime localtime msec

Are you communicating with the provider? Have you ever communicated with the provider? If Layer 1 is deactivated, check your switch type configuration, SPIDs, and configuration. | show isdn status; show dialer; debug dialer; show dialer interface bri (0); show isdn history; debug serial interface

Check your Layer 2/Layer 3 mapping. ISDN has its own Layer 2 and Layer 3. Layer 3 is for signaling and has nothing to do with the bearer payload being IP Layer 3.[*] | show dialer map; show isdn status

Analyze ISDN Layer 2 communications between you and the local switch (local loop). | show isdn status; debug isdn q921

Analyze ISDN Layer 3 activity (end-to-end signaling). | show isdn status; debug isdn q931

Verify end-to-end PPP authentication. | debug ppp negotiation; debug ppp authentication

Verify configuration. | show run interface bri0

Communicate with the service provider. |

[*] Q931 deals with ISDN end-to-end call setup, but there is no Layer 3 address. The E.164 phone number
would be like your MAC address on the LAN, which technically makes ISDN part of the Layer 2 data-link realm.


Example 9-1 illustrates the router configurations for r1 through r3 according to this chapter's
section "Shooting Trouble on the WAN Scenario." Example 9-2 shows the same for r4 through
r6.


Example 9-1. Shooting Trouble on the WAN r1 Through r3 
Configuration 


r1(config)#interface s0
r1(config-if)#shut
r1(config-if)#encap hdlc
r1(config-if)#bandwidth 64
r1(config-if)#ip address 192.168.9.1 255.255.255.252
r1(config-if)#no shut
r1(config-if)#no router ospf 1
r1(config)#router eigrp 109
r1(config-router)#network 192.168.9.0
r1(config-router)#end
r1#copy running-config startup-config
r2(config)#interface s0
r2(config-if)#shut
r2(config-if)#encap hdlc
r2(config-if)#bandwidth 64
r2(config-if)#ip address 192.168.9.6 255.255.255.252
r2(config-if)#no shut
r2(config-if)#no router ospf 1
r2(config)#router eigrp 109
r2(config-router)#network 192.168.9.0
r2(config-router)#end
r2#copy running-config startup-config
frame-switch(config)#hostname r3
r3(config)#interface s0/0
r3(config-if)#shut
r3(config-if)#encap hdlc
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.9.2 255.255.255.252
r3(config-if)#no shut
r3(config-if)#interface s0/1
r3(config-if)#shut
r3(config-if)#encap hdlc
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.9.5 255.255.255.252
r3(config-if)#no shut
r3(config-if)#interface s0/2
r3(config-if)#shut
r3(config-if)#encap hdlc
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.9.9 255.255.255.252
r3(config-if)#no shut
r3(config-if)#interface s0/3
r3(config-if)#shut
r3(config-if)#encap hdlc
r3(config-if)#bandwidth 64
r3(config-if)#clock rate 64000
r3(config-if)#ip address 192.168.9.13 255.255.255.252
r3(config-if)#no shut
r3(config-if)#router eigrp 109
r3(config-router)#network 192.168.9.0
r3(config-router)#end
r3#copy running-config startup-config


Example 9-2. Shooting Trouble on the WAN r4 Through r6 
Configuration 


r4(config)#interface s0/0
r4(config-if)#shut
r4(config-if)#encap hdlc
r4(config-if)#bandwidth 64
r4(config-if)#ip address 192.168.9.10 255.255.255.252
r4(config-if)#no shut
r4(config-if)#no router ospf 1
r4(config)#router eigrp 109
r4(config-router)#network 192.168.9.0
r4(config-router)#end
r4#copy running-config startup-config
r5(config)#interface s0
r5(config-if)#shut
r5(config-if)#encap hdlc
r5(config-if)#bandwidth 64
r5(config-if)#ip address 192.168.9.14 255.255.255.252
r5(config-if)#no shut
r5(config)#interface s1
r5(config-if)#shut
r5(config-if)#encap hdlc
r5(config-if)#bandwidth 64
r5(config-if)#ip address 192.168.9.18 255.255.255.252
r5(config-if)#no shut
r5(config-if)#no router ospf 1
r5(config)#router eigrp 109
r5(config-router)#network 192.168.9.0
r5(config-router)#exit
r5#copy running-config startup-config
Router(config)#hostname r6
r6(config)#interface s0
r6(config-if)#bandwidth 64
r6(config-if)#clock rate 64000
r6(config-if)#ip address 192.168.9.17 255.255.255.252
r6(config-if)#no shut
r6(config-if)#router eigrp 109
r6(config-router)#network 192.168.9.0
r6(config-router)#end
r6(config)#enable secret donna
r6(config)#line console 0
r6(config-line)#logging synchronous
r6(config-line)#end
r6#copy running-config startup-config


NOTE 


Although it is not a requirement to shut down the interfaces as in the previous
examples, it is a best practice.


Even though you took a router-by-router approach to configuration, take a layer-by-layer 
approach to testing and troubleshooting the scenario. First check your controllers, interfaces, 
and devices as in Example 9-3. 


Example 9-3. Testing Controllers, Interfaces, and Devices 
r1#show controllers s 0
HD unit 0, idb = 0x10DB70, driver structure at 0x113008
buffer size 1524 HD unit 0, V.35 DTE cable
r1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              unassigned      YES unset  administratively down down
Ethernet1              unassigned      YES unset  administratively down down
Loopback8              1.1.1.1         YES manual up                    up
Serial0                192.168.9.1     YES manual up                    up
Serial0.100 192 6168).:8'.1 YES manual deleted down
Seriald.105 T7216. 865 YES manual deleted down
Serial1                unassigned      YES unset  administratively down down
r1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
r3               Ser 0              143          R        3640      Ser 0/0
r1#show cdp neighbors detail
Device ID: r3
Entry address(es):
  IP address: 192.168.9.2
Platform: cisco 3640, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0/0
Holdtime : 134 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1)
Copyright 1986-2000 by cisco Systems, Inc.
Compiled Tue 05-Sep-00 21:39 by linda
r2>show controllers s 0
HD unit 0, idb = 0x107EAC, driver structure at 0x10D340
buffer size 1524 HD unit 0, V.35 DTE cable
r2>show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              unassigned      YES unset  administratively down down
Loopback8              2.2.2.2         YES manual up                    up
Serial0                192.168.9.6     YES manual up                    up
seriald.101 192.168.8382 YES manual deleted down
Serial1                unassigned      YES unset  administratively down down
r2>show cdp neighbors detail
Device ID: r3
Entry address(es):
  IP address: 192.168.9.5
Platform: cisco 3640, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0/1
Holdtime : 172 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1)
Copyright 1986-2000 by cisco Systems, Inc.
Compiled Tue 05-Sep-00 21:39 by linda


My output in Example 9-3 only shows r1 and r2. However, you should complete the same steps
for all your devices. The commands show controllers, show ip interface brief, and show cdp 
neighbors detail are once again quite helpful for targeting lower-level issues. The r3 and r6 
serial interfaces are DCE, whereas all others are DTE. All used interfaces are up and up, and 
show cdp neighbors displays the appropriate neighbors. After all of that, however, r6 cannot 
ping r1. Bounce the interfaces (shut/no shut) if needed because you made so many changes.
You might want to reload to get rid of all the extraneous deleted subinterfaces. This is the only 
way to truly get rid of deleted subinterfaces from the Interface Descriptor Block (IDB) table. 
Continue testing up the stack as in Example 9-4. 


Example 9-4. Continue Testing up the Stack 


r6#ping 192.168.9.1
Sending 5, 100-byte ICMP Echos to 192.168.9.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/84/88 ms
r6#ping 192.168.9.6
Sending 5, 100-byte ICMP Echos to 192.168.9.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/88/88 ms
r6#ping 192.168.9.10
Sending 5, 100-byte ICMP Echos to 192.168.9.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/86/88 ms
r6#ping 192.168.9.14
Sending 5, 100-byte ICMP Echos to 192.168.9.14, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
r1#ping 192.168.9.17
Sending 5, 100-byte ICMP Echos to 192.168.9.17, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/86/88 ms
r1#ping 192.168.9.6
Sending 5, 100-byte ICMP Echos to 192.168.9.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms
r1#ping 192.168.9.10
Sending 5, 100-byte ICMP Echos to 192.168.9.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms


The testing from r6 to the other addresses and from r1 to the other addresses appears to be 
fine. Check your lower-layer troubleshooting targets (controllers and interfaces) and 
troubleshoot as required. 


NOTE 


Make sure there are no leftovers from the previous chapters that are causing problems 
if things are not working as written. It is always a good practice to know what is in 
your configurations and why, so now is just as good of a time as any to check that. 


Now create loopback9 6.6.6.6/32 on r6. Advertise all the loopbacks in EIGRP as in Example 9-5. 
Then review the routing tables in Example 9-6. 


Example 9-5. Advertising the Loopbacks in EIGRP 


r6(config)#interface loopback 9
r6(config-if)#ip address 6.6.6.6 255.255.255.255
r6(config-if)#router eigrp 109
r6(config-router)#network 6.6.6.6
r6(config-router)#end
r6#copy running-config startup-config
r1(config)#router eigrp 109
r1(config-router)#network 1.1.1.1
r1(config-router)#end
r1#copy running-config startup-config
r2(config)#router eigrp 109
r2(config-router)#network 2.2.2.2
r2(config-router)#end
r2#copy running-config startup-config
r3(config)#router eigrp 109
r3(config-router)#network 3.3.3.3
r3(config-router)#end
r3#copy running-config startup-config
1d16h: %DUAL-5-NBRCHANGE: IP-EIGRP 109: Neighbor 192.168.9.6 (Serial0/1) is up: new adjacency
1d16h: %DUAL-5-NBRCHANGE: IP-EIGRP 109: Neighbor 192.168.9.14 (Serial0/3) is up: new adjacency
1d16h: %DUAL-5-NBRCHANGE: IP-EIGRP 109: Neighbor 192.168.9.10 (Serial0/2) is up: new adjacency
r4(config)#router eigrp 109
r4(config-router)#network 4.4.4.4
r4(config-router)#end
r4#copy running-config startup-config
r5(config)#router eigrp 109
r5(config-router)#network 5.5.5.5
r5(config-router)#end
r5#copy running-config startup-config


Example 9-5 illustrates creating the new loopback on r6 and assumes that the other loopbacks 
are already in place. Then they are added to EIGRP autonomous system 109. Note the log 
messages shown on r3. They tell you that the router has been up for 1 day and 16 hours 
(1d16h); however, it is helpful to have more accurate date and time stamps associated with your 
log messages. To assist with that, configure the following statements on your devices: 


clock set ? 
service timestamps debug datetime localtime msec 


service timestamps log datetime localtime msec 


Ensure you set the clock and enter the preceding timestamps commands before you
continue. Check the results of advertising the loopbacks into EIGRP by reviewing your routing
tables in Example 9-6.


Example 9-6. Reviewing the Routing Tables 


r6#show ip route
D    1.0.0.0/8 [90/41664000] via 192.168.9.18, 00:00:19, Serial0
D    2.0.0.0/8 [90/41664000] via 192.168.9.18, 00:00:19, Serial0
D    4.0.0.0/8 [90/41664000] via 192.168.9.18, 00:00:19, Serial0
     192.168.9.0/24 is variably subnetted, 6 subnets, 2 masks
D       192.168.9.0/30 [90/41536000] via 192.168.9.18, 00:00:20, Serial0
D       192.168.9.0/24 is a summary, 00:01:49, Null0
D       192.168.9.4/30 [90/41536000] via 192.168.9.18, 00:00:20, Serial0
D       192.168.9.8/30 [90/41536000] via 192.168.9.18, 00:00:20, Serial0
D       192.168.9.12/30 [90/41024000] via 192.168.9.18, 00:00:20, Serial0
C       192.168.9.16/30 is directly connected, Serial0
D    5.0.0.0/8 [90/40640000] via 192.168.9.18, 00:00:21, Serial0
     6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       6.6.6.6/32 is directly connected, Loopback9
D       6.0.0.0/8 is a summary, 00:01:49, Null0


Hopefully, the 1.0.0.0/8, 2.0.0.0/8, 4.0.0.0/8, and 5.0.0.0/8 with a missing 3.0.0.0 looked 
strange to you compared to the directly connected loopback routing table entry of 6.6.6.6/32. 
Fix the issue as in Example 9-7 so that the loopbacks are shown as a /32 in the routing tables 
and so you can see network 3.3.3.3. 


Example 9-7. Fixing the Loopbacks 


r1(config)#router eigrp 109
r1(config-router)#no auto-summary
r1(config-router)#end
r1#copy running-config startup-config
Dec 21 04:07:28.723: %SYS-5-CONFIG_I: Configured from console by console


Example 9-7 only illustrates the no auto-summary command on r1, but you should configure
this router config mode command on all your devices. Note how the logging changes to show 
you the time and date stamp of the configuration change. 


When you entered the loopback network statements in Example 9-5 as hosts (6.6.6.6) without a
mask, a classful mask was applied to them. The previous routing table entry for 6.0.0.0/8
pointing to Null0 illustrated that.


Remember that although you can summarize on any interface you want with EIGRP, the
default auto-summary configuration summarizes on the classful boundary. Now view the
routing tables once again in Example 9-8.


Example 9-8. Viewing the Routing Tables 


r6#show ip route
     1.0.0.0/24 is subnetted, 1 subnets
D       1.1.1.0 [90/41664000] via 192.168.9.18, 00:00:18, Serial0
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/41664000] via 192.168.9.18, 00:00:18, Serial0
     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/41664000] via 192.168.9.18, 00:00:18, Serial0
!!!if you have more than 5 subnets you may have missed a no auto-sum
     192.168.9.0/30 is subnetted, 5 subnets
D       192.168.9.0 [90/41536000] via 192.168.9.18, 00:00:18, Serial0
D       192.168.9.4 [90/41536000] via 192.168.9.18, 00:00:18, Serial0
D       192.168.9.8 [90/41536000] via 192.168.9.18, 00:00:18, Serial0
D       192.168.9.12 [90/41024000] via 192.168.9.18, 00:00:18, Serial0
C       192.168.9.16 is directly connected, Serial0
     5.0.0.0/24 is subnetted, 1 subnets
D       5.5.5.0 [90/40640000] via 192.168.9.18, 00:00:19, Serial0
     6.0.0.0/32 is subnetted, 1 subnets
C       6.6.6.6 is directly connected, Loopback9


It is not important that all loopbacks are named loopback9 for this chapter. That is a good 
approach if you are configuring from scratch. If you are just modifying the Chapter 8 
configurations as I am, use the existing loopback8 interfaces. Remember to configure a
loopback9 for r3 because it was acting as a frame switch in the preceding chapter and for r6 
because it was added in this chapter scenario. Example 9-9 shows what the loopback looks like 
in the running-config. 


Example 9-9. Viewing the Loopbacks in the running-config File 


r1#sh run interface loopback 8
interface Loopback8
 ip address 1.1.1.1 255.255.255.0
 no ip directed-broadcast


Experiment a bit to see the results of typing the loopbacks in as host routes with a mask of 
255.255.255.255 as in Example 9-10. 


Example 9-10. Configuring Loopbacks as Host Routes 


r1(config)#interface loopback 8
r1(config-if)#ip address 1.1.1.1 255.255.255.255
r2(config)#interface loopback 8
r2(config-if)#ip address 2.2.2.2 255.255.255.255
r3(config)#interface loopback 9
r3(config-if)#ip address 3.3.3.3 255.255.255.255
r4(config)#interface loopback 8
r4(config-if)#ip address 4.4.4.4 255.255.255.255
r5(config)#interface loopback 8
r5(config-if)#ip address 5.5.5.5 255.255.255.255
r6(config)#interface loopback 9
r6(config-if)#ip address 6.6.6.6 255.255.255.255


Now observe the output of the running-config file and the routing table in Example 9-11. 


Example 9-11. Observe the Host Routes 


r6#show run interface lo9
Building configuration...
Current configuration:
interface Loopback9
 ip address 6.6.6.6 255.255.255.255
 no ip directed-broadcast
end
r6#show ip route
     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/41664000] via 192.168.9.18, 00:02:21, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/41664000] via 192.168.9.18, 00:02:01, Serial0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/41152000] via 192.168.9.18, 00:01:42, Serial0
     4.0.0.0/32 is subnetted, 1 subnets
D       4.4.4.4 [90/41664000] via 192.168.9.18, 00:01:24, Serial0
     192.168.9.0/30 is subnetted, 5 subnets
D       192.168.9.0 [90/41536000] via 192.168.9.18, 00:20:17, Serial0
D       192.168.9.4 [90/41536000] via 192.168.9.18, 00:20:17, Serial0
D       192.168.9.8 [90/41536000] via 192.168.9.18, 00:20:17, Serial0
D       192.168.9.12 [90/41024000] via 192.168.9.18, 00:20:17, Serial0
C       192.168.9.16 is directly connected, Serial0
     5.0.0.0/32 is subnetted, 1 subnets
D       5.5.5.5 [90/40640000] via 192.168.9.18, 00:01:04, Serial0
     6.0.0.0/32 is subnetted, 1 subnets
C       6.6.6.6 is directly connected, Loopback9


As a support person, you may need to understand routing. With EIGRP you need to know how to 
turn off the default auto-summary and manually summarize as appropriate to limit your 
queries in the search of feasible successors. Remember to use show ip route or show ip route 
eigrp to analyze the routing table. However, show protocols and show ip protocols are quite 
helpful in troubleshooting routing issues, too. EIGRP is one of the fastest converging protocols; 
therefore, when you finished the configuration on r6, the routing tables had already caught up to 
you. 
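
The classful behavior seen in Examples 9-6 and 9-8 can be reproduced offline. The following Python model is an added example, not part of the book; it covers only a router's own connected subnets, and the function names (classful_network, advertised_out, null0_summaries) are hypothetical helpers, not IOS features.

```python
import ipaddress


def classful_network(address):
    """Return the Class A/B/C (major) network that contains an IPv4 address."""
    ip = ipaddress.IPv4Address(str(address))
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # Class A
    elif first_octet < 192:
        prefix = 16      # Class B
    elif first_octet < 224:
        prefix = 24      # Class C
    else:
        raise ValueError(f"{ip} is not a Class A, B, or C address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def _subnet(cidr):
    """Turn an interface address such as 192.168.9.17/30 into its subnet."""
    return ipaddress.ip_network(cidr, strict=False)


def advertised_out(connected, out_interface, auto_summary=True):
    """Prefixes a router sends out of one interface for its connected subnets.

    With auto-summary on, a connected subnet whose major network differs from
    the major network of the outgoing interface is replaced by its major network.
    """
    out_major = classful_network(_subnet(out_interface).network_address)
    sent = []
    for cidr in connected:
        net = _subnet(cidr)
        major = classful_network(net.network_address)
        if auto_summary and major != out_major:
            net = major
        if net not in sent:
            sent.append(net)
    return [str(n) for n in sent]


def null0_summaries(connected):
    """Summary routes to Null0 that auto-summary installs locally.

    They appear only when the router touches more than one major network.
    """
    nets = [_subnet(c) for c in connected]
    majors = {classful_network(n.network_address) for n in nets}
    if len(majors) < 2:
        return []
    summaries = {classful_network(n.network_address) for n in nets
                 if n != classful_network(n.network_address)}
    return [str(n) for n in sorted(summaries)]


# Connected interfaces taken from the chapter's r6 and r1 configurations.
R6 = ["6.6.6.6/32", "192.168.9.17/30"]
R1 = ["1.1.1.1/24", "192.168.9.1/30"]

if __name__ == "__main__":
    print("network 6.6.6.6 is read as", classful_network("6.6.6.6"))
    print("r6 out Serial0, auto-summary   :", advertised_out(R6, "192.168.9.17/30"))
    print("r6 out Serial0, no auto-summary:",
          advertised_out(R6, "192.168.9.17/30", auto_summary=False))
    print("r6 Null0 summaries             :", null0_summaries(R6))
    print("r1 out Serial0, auto-summary   :", advertised_out(R1, "192.168.9.1/30"))
```

The Null0 entries it returns for r6 are the two summary routes shown in Example 9-6.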


Save your configurations and then review the next section to become more familiar with the 
WAN. 


WAN Terminology 


Now that you have a working scenario with r1 to r6, I want to discuss WAN concerns and
terminology a bit more. The Telecommunications Act of 1996 drastically changed the way of the 
WAN. However, there are still three main concerns when connecting your sites: 


• Availability
• Bandwidth
• Cost


Whether you select leased lines, circuit-switched networks, packet-switched networks, cell- 
switched networks, Digital Subscriber Lines (DSL), cable modems, or wireless, you must 
interface with the provider(s). Interfacing with the provider is a big part of supporting the WAN. 
The central office (CO) is the entry point of the cloud for calling devices and the exit point of the 
cloud for called devices. It is the switching point for calls that traverse the service provider's toll 
network. The last mile or local loop extends from the demarcation point (demarc) to the CO. 
Essentially the demarc is known in the support world as the "line of blame." Customer premises 
equipment (CPE) resides at the customer location, although it may be owned by the subscriber 
or leased from the provider. More than one provider may be involved for your various primary, 
sectional, regional, and international trunks and switches. Knowing who to call for what is an 
important part of troubleshooting methodology. 


Use Figure 9-2 to review the DTE/DCE specifications and Table 9-2 to review WAN connection
types and encapsulations.


Figure 9-2. Serial DTE/DCE Connections


NOTE 


Although the lab scenarios and Trouble Tickets you work through in this book (and in 
any lab for that matter) make use of back-to-back serial cables, in a practical 
environment you must order the appropriate cable. One end is the standard DB60, but 
the other end could be EIA/TIA-232, EIA/TIA-449, EIA/TIA-530, V.35, X.21, and so on.
Figure 9-2 shows an example of the Physical Layer DTE/DCE requirements in the lab 
compared to the practical application of such. 


Table 9-2. WAN Connections 


Layer 1 Connection Types | Layer 2 Encapsulations | Examples

Leased line; Synchronous serial | HDLC; PPP; SLIP[*] | Point-to-point or dedicated connections (pre-established path); Private use; No service provider (no cloud)

Circuit switched; Asynchronous serial; Synchronous serial (legacy 56 kbps) | HDLC; PPP; SLIP | Phone call (dedicated for the call duration); ISDN (totally synchronous); Service provider

Packet switched; Synchronous serial | Frame Relay; ATM; X.25 | Store and forward; Service provider (Share physical connections to reduce cost, virtual circuits)


[*] SLIP = Serial Line Internet Protocol


HDLC is the first of this chapter's specific WAN topics I want to focus on. The section starts with
a brief overview, then looks at the layers, and finishes up with shooting HDLC troubles. 


HDLC 


High-Level Data Link Control (HDLC) started in the 1970s. IBM Synchronous Data Link Control (SD 
created in the mid-1970s for Systems Network Architecture (SNA). SDLC is a bit-oriented synchror 
data-link protocol that the ISO modified into HDLC. The Consultative Committee for Telegraph and
Telephone (CCITT), now the ITU-T, modified HDLC to create Link Access Procedure (LAP) and Link 
Procedure Balanced (LAPB) for X.25. IEEE modified HDLC, too, for its IEEE 802.2.


HDLC is the default WAN encapsulation type between two Cisco devices. Example 9-12 clears the c 
and displays the output of show interfaces serial 0 for r6.


Example 9-12. Clear the Counters and Show the Serial Interfaces


r6#clear counters serial 0
Clear "show interface" counters on this interface [confirm]
r6#show interfaces s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.9.17/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:00, output 00:00:03, output hang never
  Last clearing of "show interface" counters 00:00:07
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3 packets input, 150 bytes, 0 no buffer
     Received 1 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up


View the running-config for interface s0. Shut down the s0 interface in Example 9-13 so that you cé
observe the effect. 


Example 9-13. Administratively Shut Down 


r6#show run interface s0
interface Serial0
 bandwidth 64
 ip address 192.168.9.17 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
 no fair-queue
 clockrate 64000
end
!!!although hdlc is the current encapsulation type
!!!you do not see it in the config because it is the default
r6#configure terminal
r6(config)#interface s0
r6(config-if)#shut
Dec 21 05:12:52.259: %LINK-5-CHANGED: Interface Serial0, changed state to administ
“flown
Dec 21 05:12:53.259: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, chan
™tate to down
r6(config-if)#end
Dec 21 05:13:13.107: %SYS-5-CONFIG_I: Configured from console by console
!!!note the interface status below
r6#show interfaces s0
Serial0 is administratively down, line protocol is down
  Hardware is HD64570
  Internet address is 192.168.9.17/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:47, output 00:00:42, output hang never
  Last clearing of "show interface" counters 00:07:04
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     127 packets input, 7810 bytes, 0 no buffer
     Received 44 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     128 packets output, 7818 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=down  DSR=down  DTR=up  RTS=up  CTS=down


Administratively down always means you need to issue a no shut command on the specific interfac 
the time you last cleared the counters. Also, the Data Carrier Detect (DCD) and Data Set Ready (D 
in a down state when the interface is administratively shut down. 


Change the encapsulation, and no shut the interface as in Example 9-14. Review the results so thi 
know what to look for when troubleshooting. Pay close attention to the interface status and encaps 
mismatches logs. This example assumes the other end of the data link to be correctly configured fc 


Example 9-14. Encapsulation Mismatches 


r6(config)#interface s0
r6(config-if)#encap frame
r6(config-if)#no shut
Dec 21 05:14:11.447: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Dec 21 05:14:22.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, chan
“tate to up
Dec 21 05:14:52.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, chan
™tate to down
r6(config-if)#end
Dec 21 05:15:11.515: %SYS-5-CONFIG_I: Configured from console by console
r6#show interfaces s0
Serial0 is up, line protocol is down
  Hardware is HD64570
  Internet address is 192.168.9.17/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)

  LMI enq sent 6, LMI stat recvd 0, LMI upd recvd 0, DTE LMI down

     0 output errors, 0 collisions, 3 interface resets
     0 output buffer failures, 0 output buffers swapped out
     6 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up


The s0 physical interface is up, but the line protocol is down. This symptom should definitely make
check the encapsulation on both ends of the data link. Also note the three interface resets and six ¢ 
transitions. Interface resets occur when the interface has been completely reset, which normally is 
cabling or signaling issues. The system resets the interface automatically if it sees that the physica 
is up but the line protocol is down. Carrier transitions occur when there is an interruption in signal. 


goes down and then back up, for instance, that is two transitions. If they continue to increase, che 
cabling or other attached hardware. If output drops also increase, the problem may be congestion. 
encapsulation mismatch in Example 9-15, as you anticipate the increased number of transitions an 


Example 9-15. Fixing Encapsulation Mismatches 


r6(config)#interface s0
r6(config-if)#shut
Dec 21 05:15:48.551: %LINK-5-CHANGED: Interface Serial0, changed state to administ
“Clown
r6(config-if)#encap hdlc
r6(config-if)#no shut
r6(config-if)#end
r6#copy running-config startup-config
Dec 21 05:15:57.783: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Dec 21 05:15:58.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, chan
“tate to up
Dec 21 05:15:58.907: %SYS-5-CONFIG_I: Configured from console by console
r6#show interfaces s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.9.17/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:03, output 00:00:01, output hang never
  Last clearing of "show interface" counters 01:10:58
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1382 packets input, 87139 bytes, 0 no buffer
     Received 477 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1377 packets output, 85541 bytes, 0 underruns
     0 output errors, 0 collisions, 8 interface resets
     0 output buffer failures, 0 output buffers swapped out
     8 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
r6#clear counters s0
Clear "show interface" counters on this interface [confirm]


The show interfaces command not only shows encapsulation type, but also keepalive activity, ban
carrier transitions, and data terminal settings to assist you with troubleshooting serial interfaces. C
transitions can occur with bad modems, bad cables, noisy lines, and so on. So it means misconfigu
will look the same, too. Some other things may be better tested with show controllers s0 and by
at the clocking state. From your testing, you now know how important it is to clear your interface cc
observe the activity over a certain period of time. 


The Layers 


Look at Figure 9-3 to put the layers into perspective. 


Figure 9-3. HDLC Frame Format

[Figure not reproduced. Surviving labels: Address (Circuit ID); field sizes 1 Byte and 2 Bytes.]


HDLC has absolutely no built-in authentication mechanisms like PPP's Password Authentication Protocol
(PAP) and Challenge Handshake Authentication Protocol (CHAP). It starts and ends with a 1-byte F
HDLC consists of an Address and Control field, the data, and a frame check sequence (FCS) for error
detection. Cisco's HDLC contains a proprietary field to carry multiple Layer 3 protocols.


NOTE 


The ISO implementation of HDLC only supports one protocol, whereas Cisco includes a proprietary
field that can carry multiple Layer 3 protocols.


Shooting Trouble with HDLC 


When shooting trouble with HDLC or any WAN encapsulation, it is often helpful to capture and anal 
background traffic on the WAN. Just as you did on the LAN, identify the different types of message: 
things are working to assist you when things are not working. 

Turn on commands such as terminal monitor (term mon) to view debug output over telnet sessi 
needed. Remember to set the clock and add the service timestamps commands to put a time sta
debug and log messages. This time stamp can be an uptime or a date and time indicator. Use local 
zone information and the Network Time Protocol (NTP) in practical application. 

For now, concentrate on r5 and r6 to analyze the HDLC traffic. On both routers, turn on debug serial
interface as in Example 9-7. This assumes you have term mon enabled if needed. Also service 
timestamps debug datetime localtime msec and service timestamps log datetime localtim 
are quite useful if your router time is correct. Configure that now if you haven't already. Watch the 


for a couple of minutes to identify the messages. Capture the activity to a file for more detailed rev 
pertinent parts are presented in Example 9-16. 


Example 9-16. Debug Serial Interface


r5#clear counters
r5#terminal monitor
% Console already monitors
r5#debug serial interface
Serial network interface debugging is on

r6#clear counters
r6#terminal monitor
% Console already monitors
r6#debug serial interface
Serial network interface debugging is on
r6#
Dec 21 06:24:27.991: Serial0: HDLC myseq 410, mineseen 410*, yourseen 410, line up
Dec 21 06:24:37.999: Serial0: HDLC myseq 411, mineseen 411*, yourseen 411, line up
Dec 21 06:24:48.007: Serial0: HDLC myseq 412, mineseen 412*, yourseen 412, line up


What you should have gleaned from this exercise is that HDLC messages are keepalives on the WA 
keepalives go to the other end and allow the line protocol status to state up. These keepalives occu 
default every 10 seconds. For example, look at the time stamps from r6: 6:24:27, 6:24:37, 6:24:4 
on. Keepalives in the WAN world are truly between you and the service provider, not just your own 
as in the LAN. Relate the preceding shaded output to the following information about WAN keepalives:

• mineseq is the keepalive sent by the local side.
• yourseen is the keepalive sent by the remote side.
• mineseen is the local keepalive seen by the remote side.

The yourseen is actually the last one I (r6) saw from you plus one (that is, the one I expect to see
next). The mineseen is the last received yourseen, which should match the myseq going out so tha
I'm sending and what you expect to see are the same.

Missing three keepalives in a row on the WAN takes the line protocol down. To spot such issues, always
check your Layer 1 modem control leads as you did previously with show interfaces s0. The interface
resets would also have incremented. Although it takes 20 to 30 seconds for the interface to go down
comes back up almost immediately.
Take a few minutes and try this out as in Example 9-17. Make sure things are up and running from
preceding exercise, such as term mon, the service timestamps commands, and the debug serial
interface command. Turn off the keepalives on r6 s0 and monitor the results. Turn them back on and
monitor the results until things are working again.


Example 9-17. Debug Serial Interface with Keepalive Issues


r6#show debug
Generic serial:
Serial network interface debugging is on
r6#configure terminal
r6(config)#interface s0
Dec 21 06:33:09.175: Serial0: HDLC myseq 462, mineseen 462*, yourseen 462, line up
r6(config-if)#no keepalive

Dec 21 06:33:24.659: Serial0 - Got keepalive with none configured

r6#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.9.17/30
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive not set
Last input 00:00:05, output 00:00:04, output hang never

0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
6 carrier transitions
Dec 21 06:33:34.775: HD(0): got an interrupt state = 0x8055
Dec 21 06:33:34.779: HD(0): New serial state = 0x0055
Dec 21 06:33:34.779: HD(0): DTR is down.
Dec 21 06:33:34.783: HD(1): New serial state = 0x0600
Dec 21 06:33:34.783: HD(1): Cable is unplugged.
Dec 21 06:33:34.787: HD(0): got an interrupt state = 0x8057
Dec 21 06:33:34.791: HD(0): New serial state = 0x0057
Dec 21 06:33:34.791: HD(0): DTR is up.
Dec 21 06:33:34.795: HD(1): New serial state = 0x0600
Dec 21 06:33:34.795: HD(1): Cable is unplugged.
Dec 21 06:33:34.795: HD(0): got an interrupt state = 0x805F
Dec 21 06:33:34.799: HD(0): New serial state = 0x005F
Dec 21 06:33:34.799: HD(0): DTR is up.
Dec 21 06:33:34.803: HD(1): New serial state = 0x0600
Dec 21 06:33:34.803: HD(1): Cable is unplugged.
Dec 21 06:33:34.807: Serial0 - Got keepalive with none configured
DCD=up DSR=up DTR=up RTS=up CTS=up
r6#configure terminal
r6(config-if)#keepalive 10
Dec 21 06:34:39.295: Serial0: HDLC myseq 0, mineseen 463*, yourseen 471, line up
Dec 21 06:34:45.859: HD(0): got an interrupt state = 0x8055
Dec 21 06:34:45.859: HD(0): New serial state = 0x0055
Dec 21 06:34:45.863: HD(0): DTR is down.
Dec 21 06:34:45.863: HD(1): New serial state = 0x0600
Dec 21 06:34:45.863: HD(1): Cable is unplugged.
Dec 21 06:34:45.871: HD(0): got an interrupt state = 0x8057
Dec 21 06:34:45.871: HD(0): New serial state = 0x0057
Dec 21 06:34:45.875: HD(0): DTR is up.
Dec 21 06:34:45.875: HD(1): New serial state = 0x0600
Dec 21 06:34:45.875: HD(1): Cable is unplugged.
Dec 21 06:34:45.879: HD(0): got an interrupt state = 0x805F
Dec 21 06:34:45.879: HD(0): New serial state = 0x005F
Dec 21 06:34:45.883: HD(0): DTR is up.
Dec 21 06:34:45.883: HD(1): New serial state = 0x0600
Dec 21 06:34:45.883: HD(1): Cable is unplugged.
Dec 21 06:34:49.295: Serial0: HDLC myseq 1, mineseen 1*, yourseen 472, line up
Dec 21 06:34:59.295: Serial0: HDLC myseq 2, mineseen 2*, yourseen 1, line up
Dec 21 06:35:09.419: Serial0: HDLC myseq 3, mineseen 3*, yourseen 2, line up
r6(config-if)#end


Use Example 9-17 to review the normal handshake-like activity of the WAN sequence numbers agai
Keepalives are sequence numbers and acknowledgments that go to the other end of the point-to-p
This is why you witnessed the "got keepalive with none configured" message. The up, down, up, dc
interface reset activity (flapping link) was a good indication of no keepalives. The shaded output of
sequence numbers shows how they restart after the interface has been brought back to the up stat
line protocol does not come back to the up status and the keepalive activity still does not occur, I would
suspect a hardware problem.
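To turn the keepalive reading described above into a repeatable check, the following added example (not code from the book) parses debug serial interface keepalive lines, applies the chapter's three-missed-keepalives rule, and recognizes the sequence restart seen in Example 9-17. The function names, the status labels, and the second block of sample lines are assumptions made for this illustration.

```python
import re

# Matches the HDLC keepalive lines printed by "debug serial interface".
# The '*' after mineseen appears in the book's output; it is accepted but not required.
KEEPALIVE_RE = re.compile(
    r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}): (?P<intf>Serial\d+): HDLC "
    r"myseq (?P<myseq>\d+), mineseen (?P<mineseen>\d+)\*?, "
    r"yourseen (?P<yourseen>\d+), line (?P<line>up|down)"
)

MISSED_LIMIT = 3  # the chapter's rule: three missed keepalives take the line protocol down

# Lines taken from Examples 9-16 and 9-17, with the OCR damage repaired.
PAGE_LINES = """\
Dec 21 06:24:27.991: Serial0: HDLC myseq 410, mineseen 410*, yourseen 410, line up
Dec 21 06:24:37.999: Serial0: HDLC myseq 411, mineseen 411*, yourseen 411, line up
Dec 21 06:24:48.007: Serial0: HDLC myseq 412, mineseen 412*, yourseen 412, line up
Dec 21 06:34:39.295: Serial0: HDLC myseq 0, mineseen 463*, yourseen 471, line up
Dec 21 06:34:49.295: Serial0: HDLC myseq 1, mineseen 1*, yourseen 472, line up
"""

# Constructed lines (not from the book): the remote side stops acknowledging.
CONSTRUCTED_LINES = """\
Jan  1 00:00:10.000: Serial0: HDLC myseq 20, mineseen 20*, yourseen 31, line up
Jan  1 00:00:20.000: Serial0: HDLC myseq 21, mineseen 20, yourseen 31, line up
Jan  1 00:00:30.000: Serial0: HDLC myseq 22, mineseen 20, yourseen 31, line up
Jan  1 00:00:40.000: Serial0: HDLC myseq 23, mineseen 20, yourseen 31, line down
"""


def parse_keepalives(text):
    """Return one dict per HDLC keepalive debug line found in text."""
    records = []
    for m in KEEPALIVE_RE.finditer(text):
        rec = {k: int(m[k]) for k in ("myseq", "mineseen", "yourseen")}
        rec.update(ts=m["ts"], intf=m["intf"], line=m["line"])
        records.append(rec)
    return records


def classify(rec):
    """Label a record by how far the acknowledged number lags what we sent."""
    gap = rec["myseq"] - rec["mineseen"]
    if gap < 0:
        # Our counter restarted (keepalives re-enabled or interface reset)
        # while the last acknowledged value still dates from before the restart.
        return "resync"
    if gap == 0:
        return "ok"
    if gap < MISSED_LIMIT:
        return "lagging"
    return "down-expected"


def report(text):
    """(timestamp, status) for every keepalive line in text."""
    return [(r["ts"], classify(r)) for r in parse_keepalives(text)]


def interval_seconds(records):
    """Seconds between consecutive keepalives, taken from the msec timestamps."""
    def secs(ts):
        h, m, s = ts.split(":")
        return int(h) * 3600 + int(m) * 60 + float(s)
    return [round(secs(b["ts"]) - secs(a["ts"]), 3)
            for a, b in zip(records, records[1:])]


if __name__ == "__main__":
    for ts, status in report(PAGE_LINES + CONSTRUCTED_LINES):
        print(ts, status)
    print(interval_seconds(parse_keepalives(PAGE_LINES)[:3]))
```

A steadily growing gap combined with rising interface resets in show interfaces points at the link or the far end; a single "resync" right after re-enabling keepalives is the normal restart the chapter describes.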


Now turn off all debugging and examine r6 s0 in Example 9-18. Clear the counters to remove the interface
resets and carrier transition activity. Look at the routing tables and test connectivity with ping as in
Example 9-19.


Example 9-18. Cleaning Up 


r5#undebug all
r6#undebug all
r6#show interfaces s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.9.17/30
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:02, output 00:00:01, output hang never
Last clearing of "show interface" counters 00:26:25
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
521 packets input, 33073 bytes, 0 no buffer
Received 187 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
526 packets output, 33082 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
8 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
r6#clear counters s0
Clear "show interface" counters on this interface [confirm]
Dec 21 06:50:12.259: %CLEAR-5-COUNTERS: Clear counter on interface Serial0 by console


Example 9-19. Testing the HDLC Scenario 


r6#show ip route

Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/41664000] via 192.168.9.18, 00:16:40, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/41664000] via 192.168.9.18, 00:16:40, Serial0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/41152000] via 192.168.9.18, 00:16:40, Serial0
     4.0.0.0/32 is subnetted, 1 subnets
D       4.4.4.4 [90/41664000] via 192.168.9.18, 00:16:40, Serial0
     192.168.9.0/30 is subnetted, 5 subnets
D       192.168.9.0 [90/41536000] via 192.168.9.18, 00:16:40, Serial0
D       192.168.9.4 [90/41536000] via 192.168.9.18, 00:16:40, Serial0
D       192.168.9.8 [90/41536000] via 192.168.9.18, 00:16:40, Serial0
D       192.168.9.12 [90/41024000] via 192.168.9.18, 00:16:41, Serial0
C       192.168.9.16 is directly connected, Serial0
     5.0.0.0/32 is subnetted, 1 subnets
D       5.5.5.5 [90/40640000] via 192.168.9.18, 00:16:42, Serial0
     6.0.0.0/32 is subnetted, 1 subnets
C       6.6.6.6 is directly connected, Loopback9
r6#ping 1.1.1.1
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/87/92 ms
r6#ping 2.2.2.2
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/88/88 ms
r6#ping 3.3.3.3
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
r6#ping 4.4.4.4
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/92/112 ms
r6#ping 5.5.5.5
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
r6#ping 6.6.6.6
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r6#ping 192.168.9.1
Sending 5, 100-byte ICMP Echos to 192.168.9.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/88/88 ms


When you have thoroughly tested your scenario, save all configurations to a file named hdlc ending
configurations.


NOTE 


Frame Relay is covered in the preceding chapter. When shooting trouble with Frame Relay, iss 
debug serial interface command early on to see the keepalive activity. Change the 
encapsulation to HDLC to see the keepalive traffic, because if LMI is down for Frame Relay, the
frame interface will not be able to generate keepalives. Remember, it only takes three missed 
keepalives to take the line down. 


HDLC is the default encapsulation for serial links. If you are using multiple vendors, multiple Layer 
protocols, or need authentication, however, HDLC is not the solution. PPP was created to eliminate 
the issues, such as running multiple protocols and authentication with HDLC, but Cisco HDLC handles
multiplexing of Layer 3 protocols just fine. 


PPP 


PPP was designed in the 1980s as a point-to-point Internet encapsulation protocol. In addition to t
overcomes the standards limitations on serial connectivity, including addressing, encapsulation, an 
multiple protocol support through Link Control Protocols (LCPs) and Network Control Protocols (NC 
includes router-to-router and host-to-host type connections over synchronous and asynchronous ci 


The Layers 


PPP offers secure access over any WAN Physical Layer interface, including asynchronous/synchronc 
HSSI, and ISDN. It uses LCPs to negotiate and set up data-link parameters and NCPs to encapsula 
multiple protocols, as illustrated in Figure 9-4. 


Figure 9-4. PPP Layers

[Figure not reproduced. Surviving labels: Layer 3: IP (IPCP), IPX (IPXCP), Others, under Network Control Protocols (NCPs); Layer 2: Authentication, Compression, Error Detection, Multilink, under Link Control Protocols (LCPs), with Control Protocol and Q.921; Layer 1: Physical Media, synchronous and asynchronous, with I.430.]


The frame structure is very similar to ISO's HDLC with an added Protocol field, as you can see in Figure 9-5.
However, it is a bit more than Cisco's HDLC because it has authentication and other capabilities. 


Figure 9-5. PPP Frame Format

[Figure not reproduced. Surviving labels: Address (FF), 1 Byte; Control (03), 1 Byte; Protocol, 2 Bytes.]


The beginning or ending flag is 7E or 01111110 in binary. The Address field is the broadcast addre 
Fs in hex or all 1s in binary because station addresses are not assigned. The Control field is much | 
Type 1. The Protocol field encapsulates the upper-layer protocols. The default maximum length of t 
field is 1500 bytes, although other values are allowed by adjusting the maximum transmission unit 
size. The FCS is normally 2 bytes but can be 4 bytes to improve the error-detection capabilities. 


PPP is a connectionless link service that goes through four LCP phases, as follows: 


• Link establishment and configuration (ACK frame has been sent and received)
• Link quality determination
• NCP configuration negotiation to support multiple Layer 3 protocols
• Link termination (user request or physical problem)


There are also four LCP configuration options, as follows: 


• Authentication— No authentication is the default, but PAP, CHAP, and Microsoft Challenge Handshake
Authentication Protocol (MSCHAP) are available. PAP is only done upon the initial link establishment
is a one-way challenge performed one time. The hostname/username and password are sent
text, and the peer (calling router) is in control of the attempts. Hostnames and passwords are
SeNsItIvE. The PAP security level is better than nothing but not always the best option. I tend
with whoever coined the phrase "pathetic authentication protocol" on this one. CHAP is prefer
is an IETF standard. CHAP is a three-way challenge that randomly happens for the length of t
uses a shared secret password that is known only to the communicating routers. This shared secret
an MD5 hash. A hash is a one-way algorithm, so the actual password is never sent across the
simplicity's sake, think of the hash being equal to "MyName+Password" when challenged, and
would compare it to your table of username commands with passwords to see whether the value
get of "Username+Password" matches the value I sent. It is a bit more complicated than that
reality, but that covers the concept. If you prefer, you can think of the hash algorithm like turning
potatoes into hash browns or a pig into sausage. It is kind of difficult to reverse these activities.


NOTE


The challenge sent by the called router contains a block of data. The calling router uses its
password to calculate an MD5 hash of the data block that is sent in the response. The called
router uses its password for the connection to also calculate an MD5 hash of the data block
and compares the results to determine whether to accept or deny. Thus, the password is never
sent on the communications link.


• Compression— Offered through the Cisco Control Protocol (CCP) using Stacker or Predictor.

• Error detection— Monitor data drops with a quality number and avoid frame looping with th
number.

• Multilink— Bundling multiple links to use them as one using the Multilink Protocol (MP). This
referred to as Multilink Point-to-Point Protocol (MPPP).


From a support standpoint, take the KISS (Keep It Simple, Stupid!) approach. This means make st 
can communicate and then augment with authentication and other options. Refer back to the scenz 
Figure 9-1 to make sure you configure all the interfaces. The configuration of r1 is in Example 9-20
you started. 


Example 9-20. r1 PPP Encapsulation


r1(config)#interface s0
r1(config-if)#shut
r1(config-if)#encap ppp
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config


Next you should verify that PPP is in fact the encapsulation being used and that you can ping from 
end as in Example 9-21. Look for LCP Open followed by open CPs for each payload type. If necessa 
can carefully use debug ppp negotiation. 


Example 9-21. Verifying PPP Encapsulation 


r6#show interfaces s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.9.17/30
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP

r6#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/88/92 ms


Although only shown on r6 in Example 9-21, all routers are set to PPP encapsulation and the pings 
both directions. Note the shaded output of the Layer 2 LCP open and the Layer 3 IPCP and CDPCP. 
indicates that the link establishment phase is operational and that the Network Layer protocol phas 
sending NCP packets for IP and CDP. 


Shooting Trouble with PPP 


Shooting trouble with PPP normally does not involve solely PPP as it is configured here. PPP issues 
involve authentication and other LCP options. 


Configure an appropriate username and password statement on r5 and r6 and configure CHAP 
authentication with me in Example 9-22. First configure r5, then turn on debug ppp authenticati 
and then configure r6. Note the incoming challenge expected values as you configure r6. 


Example 9-22. PPP Encapsulation with CHAP Authentication 


r5(config)#username r6 password donna
r5(config)#interface s1
r5(config-if)#shut
r5(config-if)#ppp authentication ?
  chap     Challenge Handshake Authentication Protocol (CHAP)
  ms-chap  Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  pap      Password Authentication Protocol (PAP)
r5(config-if)#ppp authentication chap
r5(config-if)#no shut
r5(config-if)#end
r5#copy running-config startup-config

r6#debug ppp authentication
r6#configure terminal
r6(config)#user
!!!note the incoming challenges here
Dec 21 07:37:12.391: Se0 PPP: Phase is AUTHENTICATING, by the peer
Dec 21 07:37:12.399: Se0 CHAP: I CHALLENGE id 57 len 23 from "r5"
Dec 21 07:37:12.403: Se0 CHAP: Username r5 not found
Dec 21 07:37:12.407: Se0 CHAP: Unable to authenticate for peer
r6(config)#username r5 pa
Dec 21 07:37:16.431: Se0 PPP: Phase is AUTHENTICATING, by the peer
Dec 21 07:37:16.439: Se0 CHAP: I CHALLENGE id 58 len 23 from "r5"
Dec 21 07:37:16.443: Se0 CHAP: Username r5 not found
Dec 21 07:37:16.447: Se0 CHAP: Unable to authenticate for peer
r6(config)#username r5 password donna
Dec 21 07:37:18.519: Se0 PPP: Phase is AUTHENTICATING, by the peer
Dec 21 07:37:18.531: Se0 CHAP: I CHALLENGE id 59 len 23 from "r5"
Dec 21 07:37:18.535: Se0 CHAP: Username r5 not found
Dec 21 07:37:18.539: Se0 CHAP: Unable to authenticate for peer
Dec 21 07:37:22.563: Se0 PPP: Phase is AUTHENTICATING, by the peer
Dec 21 07:37:22.571: Se0 CHAP: I CHALLENGE id 60 len 23 from "r5"
Dec 21 07:37:22.575: Se0 CHAP: O RESPONSE id 60 len 23 from "r6"
Dec 21 07:37:22.591: Se0 CHAP: I SUCCESS id 60 len 4
r6(config)#interface s0
Dec 21 07:37:23.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
r6(config-if)#shut
Dec 21 07:37:29.243: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
Dec 21 07:37:30.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
r6(config-if)#ppp authentication chap
r6(config-if)#no shut
r6(config-if)#end
Dec 21 07:37:49.131: %SYS-5-CONFIG_I: Configured from console by console
Dec 21 07:37:49.747: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Dec 21 07:37:49.779: Se0 PPP: Treating connection as a dedicated line
Dec 21 07:37:49.795: Se0 PPP: Phase is AUTHENTICATING, by both
Dec 21 07:37:49.799: Se0 CHAP: O CHALLENGE id 1 len 23 from "r6"
Dec 21 07:37:49.803: Se0 CHAP: I CHALLENGE id 61 len 23 from "r5"
Dec 21 07:37:49.811: Se0 CHAP: O RESPONSE id 61 len 23 from "r6"
Dec 21 07:37:49.815: Se0 CHAP: I RESPONSE id 1 len 23 from "r5"
Dec 21 07:37:49.819: Se0 CHAP: O SUCCESS id 1 len 4
Dec 21 07:37:49.823: Se0 CHAP: I SUCCESS id 61 len 4
Dec 21 07:37:50.827: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
r6#copy running-config startup-config
r6#u all


When you configure authentication only on r5, it shuts down the line protocol. Because both router 
configured, you are seeing the authentication process for both. This is one of those processes that i 
entertaining to watch (when it is successful). (Sometimes we support people get excited over the li 
things.) The debug ppp authentication output is fairly simple to understand. Review the ending 

authentication by both parties and the input (I) and output (O) challenge, response, and success li 


You can perform two-way CHAP between routers, which may be initiated in either direction or both 
Alternatively, it may just be a one-way CHAP between an end system and a router. After link estab 
occurs, the called router sends a challenge to the calling router. The calling router sends a respons 
the called router can either accept or reject. These challenges continue to occur but on a random ir 
depending on the local router or a third-party authentication server, such as Terminal Access Contr 
Access Control System (TACACS) or Remote Authentication Dial-in User Service (RADIUS), if one i: 
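The CHAP exchange described in the LCP options list and traced in Example 9-22 can be reproduced offline. The following is an added example, not code from the book or from Cisco: it builds the three CHAP packets as RFC 1994 lays them out, with the response value computed as MD5 over the identifier, the shared secret, and the challenge. The Router class, its method names, and the 16-byte challenge size are assumptions for this illustration; the hostnames and the password donna come from Example 9-22.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes (RFC 1994)


def build(code, ident, value=b"", name=b""):
    """Encode a CHAP packet: Code, Identifier, Length, then the data."""
    if code in (CHALLENGE, RESPONSE):
        data = bytes([len(value)]) + value + name  # Value-Size, Value, Name
    else:
        data = name                                # optional message text
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def parse(packet):
    """Decode a CHAP packet into (code, ident, value, name)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("CHAP length field does not match packet size")
    if code not in (CHALLENGE, RESPONSE):
        return code, ident, b"", packet[4:]
    size = packet[4]
    if 5 + size > length:
        raise ValueError("Value-Size runs past the end of the packet")
    return code, ident, packet[5:5 + size], packet[5 + size:]


def chap_hash(ident, secret, challenge):
    """RFC 1994 response value: MD5 over Identifier, secret, challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Router:
    """One end of the link: a hostname plus its 'username ... password ...' table."""

    def __init__(self, hostname, users):
        self.hostname = hostname.encode()
        self.users = {u.encode(): p.encode() for u, p in users.items()}
        self.pending = {}  # identifier -> challenge this router issued

    def challenge(self, ident, nonce=None):
        nonce = nonce if nonce is not None else os.urandom(16)
        self.pending[ident] = nonce
        return build(CHALLENGE, ident, nonce, self.hostname)

    def respond(self, packet):
        code, ident, nonce, peer = parse(packet)
        if code != CHALLENGE:
            raise ValueError("not a challenge")
        if peer not in self.users:
            # The condition behind "Username r5 not found" in Example 9-22.
            raise LookupError("Username %s not found" % peer.decode())
        digest = chap_hash(ident, self.users[peer], nonce)
        return build(RESPONSE, ident, digest, self.hostname)

    def verify(self, packet):
        code, ident, digest, peer = parse(packet)
        nonce = self.pending.pop(ident, None)  # each challenge is usable once
        secret = self.users.get(peer)
        ok = (code == RESPONSE and nonce is not None and secret is not None
              and hmac.compare_digest(digest, chap_hash(ident, secret, nonce)))
        return build(SUCCESS if ok else FAILURE, ident)


def handshake(called, calling, ident):
    """Run one challenge/response and return the three packets exchanged."""
    c = called.challenge(ident)
    r = calling.respond(c)
    return c, r, called.verify(r)


if __name__ == "__main__":
    r5 = Router("r5", {"r6": "donna"})
    r6 = Router("r6", {"r5": "donna"})
    for pkt in handshake(r5, r6, 60):
        print("code", pkt[0], "id", pkt[1], "len", len(pkt))
```

With a 16-byte challenge and two-character hostnames, the challenge and response are 23 bytes and the success is 4 bytes, which matches the len 23 and len 4 values in the debug output; the password itself appears in none of the packets.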


Follow through Example 9-23 for mismatched authentication issues. Change the router r6 connecti: 
authentication and continue to watch the output of debug ppp authentication. 


Example 9-23. PPP with Mismatched Authentication 


r6#debug ppp authentication
PPP authentication debugging is on
r6#configure terminal
r6(config)#interface s0
r6(config)#shut
Dec 21 07:49:10.091: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
r6(config-if)#ppp authentication pap
Dec 21 07:49:11.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
r6(config-if)#no shut
Dec 21 07:49:18.939:
Dec 21 07:49:18.971:
r6(config-if)#end
Dec 21 07:49:51.519:
!!!not
!!!yet


Now that you have worked with this for yourself, it should be much easier to
down status or flapping link as a likely authentication problem. Change the PPP authentication of r6
to CHAP and monitor the results in Example 9-24. Turn off all debug output using the shortcut.


Example 9-24. Debug PPP Authentication 


r6(config-if)#shut
Dec 21 08:01:56.039: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
r6(config-if)#ppp authentication chap
r6(config-if)#no shut
Dec 21 08:02:33.635: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Dec 21 08:02:33.667: Se0 PPP: Treating connection as a dedicated line
Dec 21 08:02:33.679: Se0 PPP: Phase is AUTHENTICATING, by both
Dec 21 08:02:33.683: Se0 CHAP: O CHALLENGE id 2 len 23 from "r6"
Dec 21 08:02:33.687: Se0 CHAP: I CHALLENGE id 62 len 23 from "r5"
Dec 21 08:02:33.695: Se0 CHAP: O RESPONSE id 62 len 23 from "r6"
Dec 21 08:02:33.699: Se0 CHAP: I RESPONSE id 2 len 23 from "r5"
Dec 21 08:02:33.707: Se0 CHAP: O SUCCESS id 2 len 4
Dec 21 08:02:33.711: Se0 CHAP: I SUCCESS id 62 len 4
Dec 21 08:02:34.711: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
r6(config-if)#end
r6#u all


Now that everything is working again, perform similar testing with the debug ppp negotiation cc 
in Example 9-25. I wanted you to get used to the no debug shortcut to prepare yourself for when t
router is too busy to let you type the full command. Consider typing u all before you start any debi 
activity so that you can quickly use the Up Arrow key to turn it off in a pinch. 


Example 9-25. Debug PPP Negotiation 


r6#u all
r6#debug ppp negotiation
r6#configure terminal
r6(config)#interface s0
r6(config-if)#shut
Dec 21 08:09:26.355: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
Dec 21 08:09:26.387: Se0 IPCP: State is Closed
Dec 21 08:09:26.387: Se0 CDPCP: State is Closed
Dec 21 08:09:26.391: Se0 PPP: Phase is TERMINATING
Dec 21 08:09:26.391: Se0 LCP: State is Closed
Dec 21 08:09:26.395: Se0 PPP: Phase is DOWN
Dec 21 08:09:26.399: Se0 IPCP: Remove route to 192.168.9.18
Dec 21 08:09:27.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
r6(config-if)#ppp authentication pap
r6(config-if)#no shut
Dec 21 08:09:57.935: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Dec 21 08:09:57.967: Se0 PPP: Treating connection as a dedicated line
Dec 21 08:09:57.967: Se0 PPP: Phase is ESTABLISHING, Active Open
r6#u all
Dec 21 08:09:57.971: Se0 LCP: O CONFREQ [Closed] id 62 len 14
Dec 21 08:09:57.975: Se0 LCP:    AuthProto PAP (0x0304C023)
Dec 21 08:09:57.979: Se0 LCP:    MagicNumber 0x10ABD744 (0x050610ABD744)
Dec 21 08:09:57.983: Se0 LCP: I CONFREQ [REQsent] id 189 len 15
Dec 21 08:09:57.987: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:09:57.991: Se0 LCP:    MagicNumber 0x003C1F4F (0x0506003C1F4F)
Dec 21 08:09:57.991: Se0 LCP: O CONFACK [REQsent] id 189 len 15
Dec 21 08:09:57.995: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:09:57.999: Se0 LCP:    MagicNumber 0x003C1F4F (0x0506003C1F4F)
Dec 21 08:09:58.003: Se0 LCP: I CONFNAK [ACKsent] id 62 len 9


The debug ppp negotiation command illustrates LCP authentication and error detection as well N'
addressing in quite a bit more detail than debug ppp authentication. It was intriguing trying to i
other commands. At the beginning of the output, IPCP and CDPCP were closed and PPP was termin
Pay attention to the Os and Is for outgoing and incoming challenges. r6 sent out PAP and wanted t 
on a magic number, but that didn't happen. As a result, the 192.168.9.18 route was removed. The 
was an incoming request for CHAP. Notice the couple of REQsents followed by the CONFNAK [Nega 
sent] rather than a CONFACK. The connection finally closes because the remote host won't authent 
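The hex strings that debug ppp negotiation prints in parentheses are the raw LCP options, so the PAP/CHAP disagreement described above can be read straight from the trace. The following added example (not code from the book or from Cisco) decodes those options as type/length/value triples per RFC 1661, checks each packet's len against its options, and reports whether the local Configure-Request was refused. The function names and result keys are assumptions for this illustration; the two traces are lines from Examples 9-25 and 9-26 with the OCR damage repaired.

```python
import re

AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP"}

PACKET_RE = re.compile(r"\bLCP: (?P<dir>[IO]) (?P<kind>CONF(?:REQ|ACK|NAK|REJ)) "
                       r"\[\w+\] id (?P<id>\d+) len (?P<len>\d+)")
OPTION_RE = re.compile(r"\bLCP:\s+\w+ .*\((?P<hex>0x[0-9A-Fa-f]+)\)\s*$")

MISMATCH_TRACE = """\
Dec 21 08:09:57.971: Se0 LCP: O CONFREQ [Closed] id 62 len 14
Dec 21 08:09:57.975: Se0 LCP:    AuthProto PAP (0x0304C023)
Dec 21 08:09:57.979: Se0 LCP:    MagicNumber 0x10ABD744 (0x050610ABD744)
Dec 21 08:09:57.983: Se0 LCP: I CONFREQ [REQsent] id 189 len 15
Dec 21 08:09:57.987: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:09:57.991: Se0 LCP:    MagicNumber 0x003C1F4F (0x0506003C1F4F)
Dec 21 08:09:57.991: Se0 LCP: O CONFACK [REQsent] id 189 len 15
Dec 21 08:09:58.003: Se0 LCP: I CONFNAK [ACKsent] id 62 len 9
"""

NORMAL_TRACE = """\
Dec 21 08:21:46.271: Se0 LCP: O CONFREQ [Closed] id 93 len 15
Dec 21 08:21:46.271: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:21:46.271: Se0 LCP:    MagicNumber 0x10B6A853 (0x050610B6A853)
Dec 21 08:21:46.275: Se0 LCP: I CONFREQ [REQsent] id 254 len 15
Dec 21 08:21:46.279: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:21:46.279: Se0 LCP:    MagicNumber 0x0046EF5C (0x05060046EF5C)
Dec 21 08:21:46.283: Se0 LCP: O CONFACK [REQsent] id 254 len 15
Dec 21 08:21:46.295: Se0 LCP: I CONFACK [ACKsent] id 93 len 15
Dec 21 08:21:46.303: Se0 LCP: State is Open
"""


def decode_options(hexstr):
    """Split the bytes printed in parentheses into (type, length, data) options."""
    data = bytes.fromhex(hexstr[2:])
    options, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        opt_type, opt_len = data[i], data[i + 1]
        if opt_len < 2 or i + opt_len > len(data):
            raise ValueError("bad option length %d" % opt_len)
        options.append((opt_type, opt_len, data[i + 2:i + opt_len]))
        i += opt_len
    return options


def describe(option):
    """Name the two option types that appear in the chapter's traces."""
    opt_type, _, body = option
    if opt_type == 3 and len(body) >= 2:          # Authentication-Protocol
        proto = int.from_bytes(body[:2], "big")
        name = AUTH_PROTOCOLS.get(proto, "0x%04X" % proto)
        if proto == 0xC223 and len(body) == 3:
            name += " (%s)" % CHAP_ALGORITHMS.get(body[2], "0x%02X" % body[2])
        return "auth", name
    if opt_type == 5 and len(body) == 4:          # Magic-Number
        return "magic", "0x%08X" % int.from_bytes(body, "big")
    return "type-%d" % opt_type, body.hex()


def parse_trace(text):
    """Group option lines under the LCP packet line that precedes them."""
    packets = []
    for line in text.splitlines():
        m = PACKET_RE.search(line)
        if m:
            packets.append({"dir": m["dir"], "kind": m["kind"], "id": int(m["id"]),
                            "len": int(m["len"]), "options": []})
            continue
        m = OPTION_RE.search(line)
        if m and packets:
            packets[-1]["options"].extend(decode_options(m["hex"]))
    return packets


def analyze(text):
    """Summarize which authentication each side demands and whether ours was refused."""
    result = {"we_require": None, "peer_requires": None,
              "our_request_refused": False, "length_errors": []}
    sent_ids = set()
    for p in parse_trace(text):
        opts = dict(describe(o) for o in p["options"])
        # LCP header is 4 bytes; the options must account for the rest of len.
        if p["options"] and 4 + sum(o[1] for o in p["options"]) != p["len"]:
            result["length_errors"].append(p["id"])
        if p["kind"] == "CONFREQ":
            result["we_require" if p["dir"] == "O" else "peer_requires"] = opts.get("auth")
            if p["dir"] == "O":
                sent_ids.add(p["id"])
        elif p["dir"] == "I" and p["kind"] in ("CONFNAK", "CONFREJ") and p["id"] in sent_ids:
            result["our_request_refused"] = True
    result["mismatch"] = (result["our_request_refused"]
                          and result["we_require"] != result["peer_requires"])
    return result
```

An incoming CONFNAK whose id matches the local CONFREQ, together with different AuthProto values in the two CONFREQs, is the signature of the mismatched authentication in Example 9-25.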


NOTE 


More detail means more overhead, so be sure to turn off all debug output when you are finished
troubleshooting. 


Next make sure the authentication between r5 and r6 is set back to CHAP. Turn on debug ppp ne 
to watch the normal activity as in Example 9-26. Follow the Outgoing and Incoming debugs. 


Example 9-26. Debug PPP Negotiation 


r6#show ip interface brief
Interface      IP-Address      OK? Method Status   Protocol
Loopback9      6.6.6.6         YES manual up       up
Serial0        192.168.9.17    YES manual up       down
r6#show interfaces s0
Serial0 is up, line protocol is down
Hardware is HD64570
Internet address is 192.168.9.17/30
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Listen
Closed: LEXCP, LLC2, DECCP, ATCP, IPXCP, OSICP, VINESCP, XNSCP, IPCP, CCP, CDPCP, BRIDGECP
NBFCP, BACP
r6#configure terminal
r6(config)#interface s0
r6(config-if)#shut
Dec 21 08:20:40.411: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
r6(config-if)#ppp authentication chap
r6(config-if)#end
Dec 21 08:21:13: %SYS-5-CONFIG_I: Configured from console by console
r6#u all
All possible debugging has been turned off
r6#debug ppp negotiation
PPP protocol negotiation debugging is on
r6#configure terminal
r6(config)#interface s0
r6(config-if)#no shut
r6(config-if)#end
Dec 21 08:21:45: %SYS-5-CONFIG_I: Configured from console by console
Dec 21 08:21:46.220: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Dec 21 08:21:46.255: Se0 PPP: Treating connection as a dedicated line
Dec 21 08:21:46.259: Se0 PPP: Phase is ESTABLISHING, Active Open
Dec 21 08:21:46.263: Se0 LCP: O CONFREQ [Closed] id 93 len 15
Dec 21 08:21:46.267: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:21:46.271: Se0 LCP:    MagicNumber 0x10B6A853 (0x050610B6A853)
Dec 21 08:21:46.275: Se0 LCP: I CONFREQ [REQsent] id 254 len 15
Dec 21 08:21:46.279: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:21:46.279: Se0 LCP:    MagicNumber 0x0046EF5C (0x05060046EF5C)
Dec 21 08:21:46.283: Se0 LCP: O CONFACK [REQsent] id 254 len 15
Dec 21 08:21:46.287: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:21:46.291: Se0 LCP:    MagicNumber 0x0046EF5C (0x05060046EF5C)
Dec 21 08:21:46.295: Se0 LCP: I CONFACK [ACKsent] id 93 len 15
Dec 21 08:21:46.295: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:21:46.299: Se0 LCP:    MagicNumber 0x10B6A853 (0x050610B6A853)
Dec 21 08:21:46.303: Se0 LCP: State is Open
Dec 21 08:21:46.303: Se0 PPP: Phase is AUTHENTICATING, by both
Dec 21 08:21:46.307: Se0 CHAP: O CHALLENGE id 3 len 23 from "r6"
Dec 21 08:21:46.311: Se0 CHAP: I CHALLENGE id 63 len 23 from "r5"
Dec 21 08:21:46.319: Se0 CHAP: O RESPONSE id 63 len 23 from "r6"
Dec 21 08:21:46.323: Se0 CHAP: I RESPONSE id 3 len 23 from "r5"
Dec 21 08:21:46.331: Se0 CHAP: O SUCCESS id 3 len 4
Dec 21 08:21:46.335: Se0 CHAP: I SUCCESS id 63 len 4
Dec 21 08:21:46.335: Se0 PPP: Phase is UP
Dec 21 08:21:46.339: Se0 IPCP: O CONFREQ [Closed] id 5 len 10
Dec 21 08:21:46.343: Se0 IPCP:    Address 192.168.9.17 (0x0306C0A80911)
Dec 21 08:21:46.347: Se0 CDPCP: O CONFREQ [Closed] id 5 len 4
Dec 21 08:21:46.351: Se0 IPCP: I CONFREQ [REQsent] id 5 len 10
Dec 21 08:21:46.355: Se0 IPCP:    Address 192.168.9.18 (0x0306C0A80912)
Dec 21 08:21:46.359: Se0 IPCP: O CONFACK [REQsent] id 5 len 10
Dec 21 08:21:46.363: Se0 IPCP:    Address 192.168.9.18 (0x0306C0A80912) conf t
r6#u all
Dec 21 08:21:46.367: Se0 CDPCP: I CONFREQ [REQsent] id 5 len 4
Dec 21 08:21:46.367: Se0 CDPCP: O CONFACK [REQsent] id 5 len 4
Dec 21 08:21:46.371: Se0 IPCP: I CONFACK [ACKsent] id 5 len 10
Dec 21 08:21:46.375: Se0 IPCP:    Address 192.168.9.17 (0x0306C0A80911)
Dec 21 08:21:46.379: Se0 IPCP: State is Open
Dec 21 08:21:46.383: Se0 CDPCP: I CONFACK [ACKsent] id 5 len 4
Dec 21 08:21:46.383: Se0 CDPCP: State is Open
Dec 21 08:21:46.395: Se0 IPCP: Install route to 192.168.9.18
Dec 21 08:21:47.335: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
All possible debugging has been turned off


NOTE 


If you are certain you have typed everything correctly in the configuration, remove (no out) the
authentication statements to verify you can communicate without them. Then put them back and
verify again.


I think this example speaks for itself, and you can follow the link establishment, authentication, and
network phase very easily. Be sure to remove any username all statements that you may have accidentally
put in by typing the shortcut u all (for undebug all) while in configuration mode. Compare your e 
saved configurations to the output in my ppp ending configs file. 


Note that in both PAP and CHAP authentication methods, the password still shows up in the configuration.
Actually this depends on the IOS version. Prior to IOS 11.2, the passwords were encrypted. If you want
them encrypted in the configuration now, you can use the service password-encryption global
configuration command. The passwords will then show as encryption type number 7 in the configuration.
However, only PAP passwords are sent across the wire in the clear, not CHAP.
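The hex strings in parentheses in the debug ppp negotiation listing above are the raw PPP configuration options, and decoding them shows which authentication protocol a link really negotiated. The following is an added example, not code from the book: it decodes option lines copied from the listing, and the final PAP line, its interface name Se1, and all function names are constructed for illustration.

```python
import ipaddress
import re

# LCP Authentication-Protocol values (RFC 1661 option 3; PAP is RFC 1334, CHAP is RFC 1994).
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {5: "MD5"}

# Four option lines taken from the r6 listing above, plus one constructed PAP line
# (the last one, on a made-up interface Se1) so that both methods are represented.
SAMPLE_DEBUG = """\
Dec 21 08:21:46.279: Se0 LCP:    AuthProto CHAP (0x0305C22305)
Dec 21 08:21:46.279: Se0 LCP:    MagicNumber 0x0046EF5C (0x05060046EF5C)
Dec 21 08:21:46.343: Se0 IPCP:    Address 192.168.9.17 (0x0306C0A80911)
Dec 21 08:21:46.355: Se0 IPCP:    Address 192.168.9.18 (0x0306C0A80912)
Dec 21 09:00:00.003: Se1 LCP:    AuthProto PAP (0x0304C023)
"""

# "<interface> <LCP|IPCP>: <text> (0x<hex>)" at the end of a debug line.
OPTION_LINE = re.compile(
    r"(?P<intf>\S+) (?P<ncp>LCP|IPCP):\s+\S.*\(0x(?P<hex>(?:[0-9A-Fa-f]{2})+)\)\s*$"
)


def parse_options(raw: bytes) -> list:
    """Split a PPP option field into (type, value) pairs.

    Every option is: type (1 byte), length (1 byte, header included), value.
    """
    options, pos = [], 0
    while pos < len(raw):
        if len(raw) - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = raw[pos], raw[pos + 1]
        if opt_len < 2 or pos + opt_len > len(raw):
            raise ValueError(f"option {opt_type}: bad length {opt_len}")
        options.append((opt_type, raw[pos + 2:pos + opt_len]))
        pos += opt_len
    return options


def describe(ncp: str, opt_type: int, value: bytes) -> dict:
    """Name the options that appear in the listing; anything else is reported raw."""
    if ncp == "LCP" and opt_type == 3 and len(value) >= 2:
        number = int.from_bytes(value[:2], "big")
        info = {
            "option": "Authentication-Protocol",
            "protocol": AUTH_PROTOCOLS.get(number, hex(number)),
            # PAP carries the password itself; CHAP carries only a hash of it.
            "cleartext_password": number == 0xC023,
        }
        if number == 0xC223 and len(value) >= 3:
            info["algorithm"] = CHAP_ALGORITHMS.get(value[2], str(value[2]))
        return info
    if ncp == "LCP" and opt_type == 5 and len(value) == 4:
        return {"option": "Magic-Number", "value": "0x" + value.hex().upper()}
    if ncp == "IPCP" and opt_type == 3 and len(value) == 4:
        return {"option": "IP-Address", "value": str(ipaddress.IPv4Address(value))}
    return {"option": f"type {opt_type}", "value": value.hex()}


def decode_debug(text: str) -> list:
    """Return one record per option found in 'debug ppp negotiation' output."""
    records = []
    for line in text.splitlines():
        match = OPTION_LINE.search(line)
        if match is None:
            continue
        for opt_type, value in parse_options(bytes.fromhex(match["hex"])):
            record = {"interface": match["intf"], "ncp": match["ncp"]}
            record.update(describe(match["ncp"], opt_type, value))
            records.append(record)
    return records


def cleartext_auth_interfaces(records: list) -> list:
    """Interfaces on which PAP, and so a cleartext password, was negotiated."""
    return sorted({r["interface"] for r in records if r.get("cleartext_password")})


if __name__ == "__main__":
    decoded = decode_debug(SAMPLE_DEBUG)
    for record in decoded:
        print(record)
    print("PAP negotiated on:", cleartext_auth_interfaces(decoded))
```
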


PPP is used not only for serial interfaces but over Integrated Services Digital Network (ISDN) connections as
well. My focus in the next WAN topic is ISDN BRI. You may or may not have the equipment to perform the
hands-on exercises and Trouble Tickets for this topic, but I have included the examples in this book, and the
appropriate files are available for your review.


ISDN BRI 


Originally it was thought that ISDN would replace every phone line in the United States. However, the
service has transitioned through periods where some people just did not appreciate its digital advantages,
including quality, speed, and call setup. ISDN provides voice, data, video, and other services for the small
office/home office (SOHO) and telecommuter environments as well as backup services and contingency
plans for others. Depending on the availability, bandwidth, and cost of other services, it may still be an
alternative.


Although my primary focus here is BRI as displayed in Figure 9-6, there are two flavors of ISDN:

• Basic Rate Interface (BRI)
  - 2 B (64 kbps) for data, voice, video
  - Bearer channels
  - 1 D (16 kbps) for out-of-band control and signaling
  - Delta channel
  - Total bit rate is 144 kbps
  - 2B+D
• Primary Rate Interface (PRI)
  - 23 B (64 kbps) for data, voice, video
  - 1 D (64 kbps) for out-of-band control and signaling
  - 23B+D
  - Total bit rate is 1.536 Mbps
  - 30 B + 1 D for a total bit rate of 2.048 Mbps in Europe, Australia, and Japan


Figure 9-6. ISDN BRI

[Figure: 2B + D. 64 kbps + 64 kbps + 16 kbps (LAPD) = 128 + 16; + 48 kbps (synch and framing) = 192 kbps]


NOTE 


Japan uses a J1, which is equivalent to a T1 PRI (23 B + D) 


NOTE 


The BRI interface creates the 2 B channels (128 kbps) and the D channel (16 kbps) to total 144
kbps. If you add the other 48 kbps of overhead (synchronization and framing), the total becomes
192 kbps.


The ISDN network components in Figure 9-7 include the terminal equipment, termination devices, 
reference, and function points. 


Figure 9-7. ISDN Network Components

[Figure labels: BRI 4-wire; Telco 2-wire. *TA typically includes NT1]


Terminal equipment includes the following:

• TE1— Native ISDN terminal, such as a router or telephone
• TE2— Non-native ISDN terminal, such as a router or PC; needs a terminal adapter (TA)

Network termination devices include the following:

• NT1— CPE in North America; carrier provided elsewhere. It is the device responsible for the
  time-division multiplexing (TDM) between the four-wire connection from the router to the two-wire
  connection to the telco. The NT1 applies power to the line.
• NT2— Typically found in private branch exchanges (PBXs). There is an NT1/2 available to provide the
  function of both the NT1 and NT2. Not always used.


A line termination (LT) is a physical connection to an ISDN switch, whereas reference points are m: 
conceptual interfaces. They are just letters of the alphabet that don't stand for anything, but they c 
to go in alphabetic order toward the service provider: R, S, T, U. Pictures are quite helpful here, ar 
concepts appear to be pretty significant on all Cisco exams. Figure 9-8 gives you a block diagram r 
the ISDN functions and the following reference points: 

• R— Between non-ISDN equipment (TE2) and TA
• S— Between user terminals and NT2
• T— Between NT1 and NT2
• U— Between NT1 and the carrier network
• V— Between ISDN switches within the carrier cloud


Figure 9-8. ISDN Functions and Reference Points

[Figure labels: Native ISDN; Non-Native ISDN]


NOTE 


Do not connect a U reference point on a router into an NT1 or you may find out what blue smoke
(that is, a fried device) smells like. By the same token, do not plug a powered NT1 cable into an
Ethernet or console port. As shown in Figure 9-8, the U includes the NT1 and the NT1 is what
applies the 48V DC power to the line.


In the United States, the NT1 is the responsibility of the subscriber, whereas in Europe it is typically
provided by the service provider. ISDN is an international service, but services, providers, and swil 
vary by region and country. 


Although there are many different switch types, it is possible to have one emulate another. For example, you
can take an Adtran switch, which defaults to basic-ni1, and have it emulate a basic-5ess, which is |
Madge switch uses. Table 9-3 lists some of the major ISDN switch types. 


An ISDN simulator may be more cost-effective for labs and may be what you are using here. However, you
still need to be familiar with the switch types and how to configure them.


Table 9-3. ISDN Switch Types

Switch Type      Location
Basic-5ess[*]    AT&T (U.S. and Canada)
Basic-dms100     North America
Basic-ni1        National ISDN-1 (North America)
Basic-ts013      Australia
Basic-net3       United Kingdom and Europe
Ntt              Japan

[*] IOS 12.0 code sets the ISDN switch type to basic-5ess as the default.


The basic-ni1 uses Service Profile Identifiers (SPIDs), and the basic-5ess doesn't. SPIDs are an optional
feature that may or may not be utilized depending on the provider (and in fact frequently is dependent on
the switch type used by the provider). Typically, SPIDs include the E.164 10-digit (area code + number) in
addition to extra ID codes. National ISDN will have 14 digits (fqn + 0101), and DMS will have 12 d 
+ fqn). 


NOTE 


IOS 12.0 and above sets the global ISDN switch type to basic-5ess by default. All interfaces inherit
the global switch type unless one is specifically configured on the interface.


As you can see, ISDN is available in different parts of the world. Cisco ISDN standards are based on
international standards. The ITU-T standard encompasses Layer 1 through Layer 3, and is further ¢ 
follows: 


• E series— For telephone, network, and ISDN, including numbering plans and addressing.
• I series— For concepts, structures, and terminology for devices.
• Q series— For switching and signaling with LAPD (Q.921) for the D channel and Q.931 Network
  between the ISDN switch and the terminal device.


NOTE 


To help you commit the ISDN standards to memory, think of them as such: E for existing; I for
information; and Q for signaling. (Admittedly, the Q is harder to remember than the others;
perhaps you can think of it like the q933a for LMI signaling in Frame Relay.)


Just as the standards suggest, ISDN call processing takes a layered approach. It uses Link Access 
(LAPD) for control and signaling on the D channel. In many instances, the 16-kbps D channel appears to
always be up, which is why call setup takes less than a few seconds. Normally, the common signaling
between the local ISDN switch and the remote ISDN switch (in the cloud) is Signaling System 7 (SS7).
However, SS7 is beyond the scope of this book. The B channels are mostly used for circuit-switched
encapsulated as either HDLC or PPP, whereas the D channel is used for signaling. 


The Layers 


At the Physical Layer, an RJ-45 connector is wired as follows for the S/T interface at the TA end, wt 
U interface is pins 4/5 only for tip/ring. 


• Pins 1 (green) and 2 (green/white) for power source
• Pins 7 (brown) and 8 (brown/white) for power sink
• Pins 3 (orange/white) and 6 (orange) for Tx
• Pins 4 (blue/white) and 5 (blue) for Rx


NOTE 


An unused ISDN port is a good place for a cutoff or blank RJ-45 connector, so you don't 
accidentally plug into the port something you shouldn't. 


This is a good time to physically connect r5 and r6 to the NT1 S/T ports as in Figure 9-9. Also connect the
ISDN switch or simulator to the NT1 U ports. Based on the D-channel sync bits, the ports on the ISDN
simulator should be green, whereas the NT1 is flashing ready (green) for the physical connections. 
you will continue to troubleshoot as you walk through the ISDN scenario. Figure 9-9 and Figure 9-' 
the physical views. Do not program your devices for ISDN yet. 


Figure 9-9. Scenario: Shooting Trouble with ISDN BRI

[Figure: r6 (lo9 6.6.6.6) and r5 (lo8 5.5.5.5) share the serial link 192.168.9.16/30 (.17 and .18) and the
BRI link 192.168.9.20/30 (r6 bri0 .21, r5 bri0 .22). Each bri0 attaches to an S/T port on the NT1, whose U
ports lead to the ISDN switch (basic-ni1). r6: SPID1 0(8358661)01, SPID2 0(8358663)01. r5: SPID1
0(8358662)01, SPID2 0(8358664)01. Configuration shown for r6:]

isdn switch-type basic-ni
dialer-list 1 protocol ip permit
int bri0
 dialer-group 1
 dialer idle-ti 55
 ip address 192.168.9.21 255.255.255.252
 dialer map ip 192.168.9.22 name r5 8358662
 dialer map ip 192.168.9.22 name r5 8358664


Figure 9-10. ISDN Simulator and NT1

[Figure label: ISDN Simulator]


Because you can't always physically inspect things, controller and interface commands help you we 
through the layers. For example, show controllers bri 0 shows the Physical Layer statistics. However,
show isdn status offers the most help at this point.


Take a look at the Physical Layer statistics as in Example 9-27. 


Example 9-27. ISDN Physical Layer Statistics


r5#show controllers bri 0
BRI unit 0
D Chan Info:
Layer 1 is ACTIVATING
r5#show isdn status
**** No Global ISDN Switchtype currently defined ****
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = none
    Layer 1 Status:
        DEACTIVATED
    Layer 2 Status:
        Layer 2 NOT Activated
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0


I cut the majority of the output in Example 9-27 except for the item you should look for in the show
controllers bri 0 output. The BRI controllers should be activated not activating. The output of show isdn
status clearly tells you the problem. I must say this is the most useful command in supporting ISDN.
this Physical Layer problem in Example 9-28 on both ISDN routers before you continue. 


Example 9-28. Configuring ISDN BRI at the Physical Layer 


r5#configure terminal
r5(config)#isdn switch-type ?
  basic-1tr6    1TR6 switch type for Germany
  basic-5ess    AT&T 5ESS switch type for the U.S.
  basic-dms100  Northern DMS-100 switch type
  basic-net3    NET3 switch type for UK and Europe
  basic-ni      National ISDN switch type
  basic-ts013   TS013 switch type for Australia
  ntt           NTT switch type for Japan
  vn3           VN3 and VN4 switch types for France
  <cr>
r5(config)#isdn switch-type basic-ni
r6(config)#isdn switch-type basic-ni
r6(config)#end
r6#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        DEACTIVATED
r6#configure terminal
r6(config)#interface bri0
r6(config-if)#no shut
Dec 22 01:01:52.987: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 01:01:53.019: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Dec 22 01:01:53.119: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Dec 22 01:01:53.327: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 99 changed to up
r5(config)#interface bri0
r5(config-if)#no shut
Dec 22 01:02:14.267: isdn_Call_disconnect()
Dec 22 01:02:14.267: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 01:02:14.303: isdn_Call_disconnect()
Dec 22 01:02:14.303: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Dec 22 01:02:14.399: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Dec 22 01:02:14.607: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 100 changed to up
r5(config-if)#end
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 100, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0


You took the right steps in Example 9-28 to configure the ISDN switch type, but you need to bring up the
BRI interfaces, too. Analyze the BRI LEDs on the routers, the NT1, and the simulator. They should be
green. Now that you know the equipment and the links are working, you can concentrate on the
configuration.


NOTE 


Many international ISDN connections do not use the full ISDN signaling, and the interswitch
connections may limit the speed to 56 kbps. However, the receiving end thinks this is a 64-kbps
call. Configure the 56 kbps call using the isdn not-end-to-end 56 command. In addition, dialer
maps enable you to specify the speed for the outgoing call, but the default is 64 kbps.


Although not practical (due to expense and security reasons), next I want you to configure ISDN to allow all
IP-related traffic to bring up the link between r5 and r6. Assign IP addresses and configure the connection
so that it will time out if idle for more than 55 seconds. Use the ISDN configuration commands in Figure 9-9
for r6 as a guide, although you must modify them to configure r5 as Example 9-29 illustrates.


Example 9-29. Configuring IP Addresses and ISDN Traffic


r5(config)#dialer-list 1 protocol ip permit
r5(config)#interface bri0
r5(config-if)#shut
r5(config-if)#dialer-group 1
!!!note that all the dialer map parameters are for the destination
r5(config-if)#dialer map ip 192.168.9.21 name r5 8358661
r5(config-if)#dialer map ip 192.168.9.21 name r5 8358663
r5(config-if)#dialer idle-timeout 55
r5(config-if)#ip address 192.168.9.22 255.255.255.252
r5(config-if)#no shut
Dec 22 01:27:06.003: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 100 changed to down
Dec 22 01:27:06.007: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 100 changed to down
Dec 22 01:27:08.107: %SYS-5-CONFIG_I: Configured from console by console
Dec 22 01:27:08.175: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 101 changed to up
r5(config-if)#end
!!!follow figure 9-9 for I entered the wrong map statements
r5#configure terminal
r5(config)#interface bri0
r5(config-if)#no dialer map ip 192.168.9.21 name r5 8358661
r5(config-if)#no dialer map ip 192.168.9.21 name r5 8358663
!!!now for the correct ones
r5(config-if)#dialer map ip 192.168.9.21 name r6 8358661
r5(config-if)#dialer map ip 192.168.9.21 name r6 8358663
r5(config-if)#no shut
Dec 22 01:34:22.943: isdn_Call_disconnect()
Dec 22 01:34:22.947: isdn_Call_disconnect()
Dec 22 01:34:23.011: isdn_Call_disconnect()
isdn_Call_disconnect()
%ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 101 changed to down
%ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 101 changed to down
%ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 102 changed to up
r5#copy running-config startup-config
r6(config)#dialer-list 1 protocol ip permit
r6(config)#interface bri0
r6(config-if)#shut
r6(config-if)#dialer-group 1
r6(config-if)#dialer map ip 192.168.9.22 name r5 8358662
r6(config-if)#dialer map ip 192.168.9.22 name r5 8358664
r6(config-if)#dialer idle-timeout 55
r6(config-if)#ip address 192.168.9.21 255.255.255.252
r6(config-if)#no shut
Dec 22 01:46:30.223: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
%LINK-3-UPDOWN: Interface BRI0:2, changed state to down
%LINK-3-UPDOWN: Interface BRI0, changed state to up
r6(config-if)#
Dec 22 01:46:30.523: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 99 changed to down
Dec 22 01:46:30.527: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 99 changed to down
r6(config-if)#
Dec 22 01:46:32.687: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 103 changed to up
r6(config-if)#end
r6#copy running-config startup-config

Now that you have configured ISDN, I want to talk about the configuration a bit before you test it. One of
the requirements given prior to Example 9-29 was for you to allow all IP traffic to bring up the link.
Although dialer-list 1 protocol ip permit is frequently good in the lab and testing environment, in
networks you almost always want a more restrictive policy. Otherwise, you may be paying for ISDN
charges every time any IP traffic brings up the link. This command is actually the default. However, it
doesn't give you any problems until you apply the global dialer-list 1 command using the interface
dialer-group 1 command.


The dialer map command handles the Layer 2 and Layer 3 mapping, similar to the frame-relay map you
learned about in the preceding chapter. I think of it like a static route to configure it. "Where do you want to
go and how will you get there?" is what I ask myself. The "where do you want to go?" part is the destination
IP and router name. The "how will you get there?" part is the phone number you must dial. Compare
the dialer map statements you typed back in Example 9-29.

At this point, you have configured the IP addresses, dialer timeout, and dialer map, but not the phone
numbers. The phone number in ISDN is like the data-link connection identifier (DLCI) in Frame Relay or the
MAC address on a LAN. With SPIDs the phone numbers are typically included; if not, you must configure the
local directory number (LDN). Keep in mind that if you are given SPIDs they should be configured.
SPIDs that were provided by the service provider, as indicated in Figure 9-9 and Example 9-30.


NOTE 
In my case the SPIDs and LDNs were provided by the manufacturer of the ISDN demonstrator in
my lab (and appear a little different if you are using an ISDN switch). Thanks to my friend Chi
Heffner, a Cisco instructor and CCIE for Global Knowledge Network, for lending it to me. You can
get more information on this device at www.teltone.com by searching for "isdn demonstrator."


Example 9-30. Configuring the SPIDs 


r5(config)#interface bri0
r5(config-if)#shut
r5(config-if)#isdn ?
  all-incoming-calls-v120  Answer all incoming calls as V.120
  answer1                  Specify Called Party number and subaddress
  answer2                  Specify Called Party number and subaddress
  caller                   Specify incoming telephone number to be verified
  calling-number           Specify Calling Number included for outgoing calls
  fast-rollover-delay      Delay between fastrollover dials
  incoming-voice           Specify options for incoming calls.
  not-end-to-end           Specify speed when calls received are not isdn end to end
  outgoing-voice           Specify information transfer capability for voice calls
  send-alerting            Specify if Alerting message to be sent out before Connect message
  sending-complete         Specify if Sending Complete included in outgoing SETUP message
  spid1                    Specify Service Profile IDentifier
  spid2                    Specify Service Profile IDentifier
  static-tei               Specify a Static TEI for ISDN BRI
  switch-type              Select the Interface ISDN switch type
  tei-negotiation          Set when ISDN TEI negotiation should occur
  timeout-signaling        Flush D channel if a signaling packet can't be transmitted in 1 second
r5(config-if)#isdn spid1 ?
  WORD  spid1 string
r5(config-if)#isdn spid1 0835866201 ?
  WORD  local directory number
  <cr>
r5(config-if)#isdn spid1 0835866201 8358662
r5(config-if)#isdn spid2 0835866401 8358664
r5(config-if)#no shut
Dec 22 02:12:46.175: isdn_Call_disconnect()
Dec 22 02:12:46.175: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 02:12:46.207: isdn_Call_disconnect()
Dec 22 02:12:46.207: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Dec 22 02:12:46.303: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Dec 22 02:12:46.471: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 102 changed to down
Dec 22 02:12:46.475: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 102 changed to down
Dec 22 02:12:48.643: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 104 changed to up
Dec 22 02:12:48.811: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 105 changed to up
r5(config-if)#end
r5#copy running-config startup-config
r6#configure terminal
r6(config)#interface bri0
r6(config-if)#shut
r6(config-if)#isdn spid1 0835866101 8358661
r6(config-if)#isdn spid2 0835866301 8358663
r6(config-if)#no shut
Dec 22 02:14:28.855: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 02:14:28.887: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Dec 22 02:14:28.983: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Dec 22 02:14:29.151: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 103 changed to down
Dec 22 02:14:29.155: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 103 changed to down
Dec 22 02:14:31.319: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 106 changed to up
Dec 22 02:14:31.487: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 107 changed to up
r6(config-if)#end
r6#copy running-config startup-config


As you can verify in Figure 9-30, my SPIDs contain the LDN, so the LDN configuration is really optional;
however, it doesn't hurt to configure it. Keep in mind as you work through my examples that my SPID
configuration is for an ISDN simulator, not an ISDN switch, so your SPID format may differ a bit. A 
use the question mark to help you configure the information you are given. 


Now review the BRI interface status and statistics with show ip interface brief and with show interfaces
bri to see the D channel. Although it is probably not present in your lab, help me determine the issue in
Example 9-31.


Example 9-31. ISDN Interface Statistics


r5#show ip interface brief
Interface      IP-Address      OK? Method Status   Protocol
BRI0           192.168.9.22    YES manual up       up
BRI0:1         unassigned      YES unset  down     down
BRI0:2         unassigned      YES unset  down     down
r5#configure terminal
r5(config)#interface bri0
r5(config-if)#no shut
5d15h: isdn_Call_disconnect()
5d15h: isdn_Call_disconnect()
5d15h: isdn_Call_disconnect()
5d15h: isdn_Call_disconnect()
5d15h: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 121 changed to down
5d15h: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 121 changed to down
5d15h: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 123 changed to up
5d15h: %ISDN-4-INVALID_SPID: Interface BR0, Spid1 was rejected
5d15h: isdn_Call_disconnect()
5d15h: isdn_Call_disconnect()
5d15h: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 123 changed to down
5d15h: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 123 changed to down
5d15h: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 124 changed to up
5d15h: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 125 changed to up


Now it is time for a little troubleshooting, and the problem is not just the lack of time and date stamps. The
invalid SPID message made me double check my physical wiring. I started there because I'm following the
troubleshooting methods presented in the earlier chapters. The methodology indicates that it helps to start
at the bottom and work your way up. Sure enough, the BRI cables on the routers were reversed. There would
have been the same result on r6, but I decided to take care of this issue by swapping the cables. Feel free
to duplicate my problem and analyze the issues before you continue. This was a matter of right cable,
wrong router. The same types of issues exist here as with shooting any Physical Layer or Data Link Layer
trouble. Your key troubleshooting focus is on the local loop, which is terminated on the NT1 device.


In your lab, verify that the D channel is up, shut down the serial interfaces between r5 and r6, and verify
the BRI configuration as in Example 9-32. Observe both B channels with show interfaces bri0 1 2.


Example 9-32. Verifying the D Channel and BRI Configuration 


r5#show ip interface brief
Interface      IP-Address      OK? Method Status   Protocol
BRI0           192.168.9.22    YES manual up       up
BRI0:1         unassigned      YES unset  down     down
BRI0:2         unassigned      YES unset  down     down
r5#configure terminal
r5(config)#interface s1
r5(config-if)#shut
r5(config-if)#end
r5#show interface bri0
BRI0 is up, line protocol is up (spoofing)
  Hardware is BRI
  Internet address is 192.168.9.22/30
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     142 packets input, 638 bytes, 0 no buffer
     Received 13 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     140 packets output, 623 bytes, 0 underruns
     0 output errors, 0 collisions, 11 interface resets
     0 output buffer failures, 0 output buffers swapped out
     5 carrier transitions
r5#show interfaces bri0 1 2
BRI0:1 is down, line protocol is down
  Hardware is BRI
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
BRI0:2 is down, line protocol is down
  Hardware is BRI
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never


Note the output of show interfaces bri0 above for the 16 kbps D channel. It shows (spoofing). Spoofing is
just what it sounds like. The interface lies to the Layer 3 so that there will be a routing entry maintained in
the router to allow dial-on-demand routing (DDR) to wake up and trigger a call when required. The B
channels are not up all the time as you verified with show interfaces bri0 1 2 because they need
interesting traffic to bring them up.


Next look at the dialer configuration with show dialer interface bri0 and show dialer map as in Example
9-33. Verify your dial strings and statements. Fix them if necessary.


Example 9-33. ISDN Dial Strings and Maps


r5#show dialer interface bri0
BRI0 - dialer type = ISDN
Dial String      Successes   Failures    Last called   Last status
8358663                  0          0    never           -
8358661                  0          0    never           -
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0:1 - dialer type = ISDN
Idle timer (55 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
BRI0:2 - dialer type = ISDN
Idle timer (55 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
r5#show dialer map
!!!read this as to get to r6(B-channel 1) dial 8358661
Static dialer map ip 192.168.9.21 name r6 (8358661) on BR0
!!!read this as to get to r6(B-channel 2) dial 8358663
Static dialer map ip 192.168.9.21 name r6 (8358663) on BR0


The best test is to bring up the connection in Example 9-34. Analyze your interfaces while the ISDN
connection is up and running.


Example 9-34. Bringing Up the ISDN Connection 


r5#ping 192.168.9.21
Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms
Dec 22 02:59:38.827: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 02:59:39.867: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
Dec 22 02:59:44.863: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
r5#show interfaces bri0 1 2
BRI0:1 is up, line protocol is up
  Hardware is BRI
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Time to interface disconnect: idle 00:00:47
  Last input 00:00:07, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     14 packets input, 964 bytes, 0 no buffer
     Received 6 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     14 packets output, 964 bytes, 0 underruns
     0 output errors, 0 collisions, 13 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions
BRI0:2 is down, line protocol is down
r5#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
BRI0           192.168.9.22    YES manual up                    up
BRI0:1         unassigned      YES unset  up                    up
BRI0:2         unassigned      YES unset  down                  down
Ethernet0      unassigned      YES unset  administratively down down
Loopback8      5.5.5.5         YES NVRAM  up                    up
Serial0        192.168.9.14    YES NVRAM  up                    up
Serial1        192.168.9.18    YES NVRAM  administratively down down
Dec 22 03:00:35.595: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r6, call lasted 56 seconds
Dec 22 03:00:35.707: isdn_Call_disconnect()
Dec 22 03:00:35.707: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 03:00:36.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down


The ping command is just as good as anything else to bring up the ISDN B channel because it requ
protocol IP permit was part of your dialer list and dialer map statements. Your time and date sta
quite informative here to let you know that BRI0:1 is up and connected to r6 using the phone numl
8661. The output of show interfaces bri0 1 2 shows you that the first B channel is up, the defaul
encapsulation is HDLC, and that you have 47 seconds until disconnect. You can also see that the in
counters have never been cleared. If you see an IP address, you are looking at the D channel inste
Perhaps you typed show interfaces bri0 without the 1 or 2 at the end. The output of show ip int
brief also clearly shows the D channel and B channel as being up for the line and protocol. Althoug
one B channel is used by default, you can configure the other one with the dialer threshold comrr
will do this in the "Trouble Tickets" section. Note the ending shaded call disconnect where your dial
timeout configuration of 55 seconds took effect.


NOTE 


Any errors with the dialer commands should lead you to verifying your dialer list, dialer gro 
dialer map, and dialer string commands. 


Next bring the link up again to verify the layers with show isdn status as in Example 9-35.


Example 9-35. show isdn status Command Output 


r5#ping 192.168.9.21

Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
Dec 22 03:25:28.799: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 03:25:28.835: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
Dec 22 03:25:29.843: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
    dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 104, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
        TEI = 105, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Spid Status:
        TEI 104, ces = 1, state = 5(init)
            spid1 configured, spid1 sent, spid1 valid
            Endpoint ID Info: epsf = 0, usid =
        TEI 105, ces = 2, state = 5(init)
            spid2 configured, spid2 sent, spid2 valid
            Endpoint ID Info: epsf = 0, usid = 4, tid = 1
    Layer 3 Status:
        1 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 1
        CCB: callid=0x8003, sapi=0x0, ces=0x1, B-chan=1
    The Free Channel Mask: 0x80000002
    Total Allocated ISDN CCBs = 1
Dec 22 03:25:34.839: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661


As previously mentioned, the show isdn status command is an extremely useful command in
troubleshooting the layers with ISDN BRI. However, it helps to understand the frame format in Fig)
to assist you in interpreting what you are looking at with the output of this command and similar o
I review the ISDN LAPD framing, I will move into shooting more ISDN troubles.


Figure 9-11. ISDN LAPD Frame Format


At Layer 1, the terminal endpoint (TE) is required before Layer 2 setup can occur. This is not end-t
but rather router (TE) to the local ISDN switch. An example of this is when I had the cables reverse
routers and the controllers were activating rather than activated. As you can observe in Figure 9-1.
are two key fields in the LAPD address: TEI and SAPI.


Figure 9-12. The LAPD Address Field


At Layer 2, ISDN operates much like HDLC. Check your terminal endpoint identifiers (TEIs). A TEI |
defines a terminal. 0 through 63 are not automatically assigned to user equipment, 64 through 126
dynamically assigned, and TEI 127 is used for a broadcast. Although the ISDN switches may remo\
the routers keep track of them. If you need to remove a router's TEIs, you need to reload the rout
so. The shut/no shut approach or clear interface bri0 is not enough. However, that will increme
TEIs automatically and fixes many ISDN issues, too. Note that the TEIs of 104 (r5 SPID1) and 105
SPID2) are dynamically assigned in Example 9-35.


The service access point identifier (SAPI) defines the message type for the related ISDN Layer 3
management. SAPI 0 indicates call control procedures or ISDN Layer 3 signaling. SAPI 1 through 1
through 31 are reserved for future standardization. SAPI 16 is for X.25 procedures. SAPI 63 indicat
2 management including TEI assignment, and SAPI 64 is used for call control.


The Command/Response (C/R) bit shows a value of 0 or 1 depending on the network side or the us
and whether a command or response:


• Network to user

    1 = Command
    0 = Response

• User to network

    0 = Command
    1 = Response
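

The TEI ranges, SAPI values, and direction-dependent C/R rule described above can be checked with a small decoder. This is an added example, not code from the book; the bit positions of SAPI, C/R, TEI, and the EA bits follow ITU-T Q.921, and the names LapdAddress, parse_address, and build_address are hypothetical.

```python
"""Decode the two-octet LAPD (Q.921) address field into SAPI, C/R and TEI."""
from dataclasses import dataclass

# SAPI values and their meanings as listed in the text.
SAPI_MEANING = {
    0: "call control (ISDN Layer 3 signaling)",
    16: "X.25 procedures",
    63: "Layer 2 management (TEI assignment)",
}


@dataclass(frozen=True)
class LapdAddress:
    sapi: int  # 6 bits, first octet
    cr: int    # command/response bit, first octet
    tei: int   # 7 bits, second octet

    def tei_class(self) -> str:
        """Classify the TEI using the ranges given in the text."""
        if self.tei == 127:
            return "broadcast"
        if self.tei >= 64:
            return "dynamically assigned"
        return "not automatically assigned"

    def frame_role(self, sender: str) -> str:
        """Interpret C/R, which depends on which side sent the frame."""
        if sender not in ("network", "user"):
            raise ValueError("sender must be 'network' or 'user'")
        command_value = 1 if sender == "network" else 0
        return "command" if self.cr == command_value else "response"

    def sapi_meaning(self) -> str:
        return SAPI_MEANING.get(self.sapi, "other or reserved")


def parse_address(octets: bytes) -> LapdAddress:
    """Parse the address field; the EA bits mark where it ends."""
    if len(octets) != 2:
        raise ValueError("LAPD address field is exactly two octets")
    first, second = octets
    if first & 0x01 or not second & 0x01:
        raise ValueError("bad EA bits: expected EA0=0 then EA1=1")
    return LapdAddress(sapi=first >> 2, cr=(first >> 1) & 1, tei=second >> 1)


def build_address(sapi: int, cr: int, tei: int) -> bytes:
    """Inverse of parse_address, with range checks on every field."""
    if not (0 <= sapi <= 63 and cr in (0, 1) and 0 <= tei <= 127):
        raise ValueError("field out of range")
    return bytes([(sapi << 2) | (cr << 1), (tei << 1) | 1])


if __name__ == "__main__":
    # Constructed samples: r5's TEI 104 from Example 9-35, and a broadcast.
    for sender, raw in (("user", build_address(0, 0, 104)),
                        ("network", build_address(0, 0, 104)),
                        ("network", build_address(63, 1, 127))):
        addr = parse_address(raw)
        print(raw.hex(), sender, addr, addr.tei_class(),
              addr.frame_role(sender), addr.sapi_meaning())
```

The same C/R value of 0 reads as a command when the router (user side) sent the frame and as a response when the switch sent it, which is why the direction has to be known before the bit can be interpreted.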


NOTE 


For more details on the LAPD frame, refer to the ITU standards. I really like the protocol refer:
guides offered by DigiNet Corporation at www.diginet.com. I think you will find them very
worthwhile for a nominal fee. They are not only for ISDN but also for supporting other
technologies.


Now that you understand more of the ISDN Layer 2 technical details, take time to use the debug i 
q921 command. Outside of show isdn status, it is the primary ISDN Layer 2 tool. You can use it 
TEI handling, call setup, information transfer, data-link monitoring, and disconnects. Issue it now ¢ 
bring up the connection to watch the normal activity of ISDN Layer 2 as in Example 9-36. Wait for 
to disconnect before you turn off the debug command. 


Example 9-36. debug isdn q921 Command 


r5#debug isdn q921
ISDN Q921 packets debugging is on
Dec 22 04:06:03.133: ISDN BR0: TX -> sapi = 0 tei = 108 nr = 1
Dec 22 04:06:03.211: ISDN BR0: RX <- sapi = 0 tei = 108 nr = 1
Dec 22 04:06:03. ISDN BR0: TX -> sapi = 0 tei = 109 nr = 1
Dec 22 04:06:03. ISDN BR0: RX <- sapi = 0 tei = 109 nr = 1
r5#ping 192.168.9.21

Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
Dec 22 04:06:15.787: ISDN BR0: TX -> INFOc sapi = 0 tei = 108
= 0x08010405040288901801832C0738333538363631
Dec 22 04:06:15.999: ISDN BR0: RX <- INFOc sapi = 0 tei = 108 ns = 1 nr = 2 i
= 0x08018402180189952A1B809402603D8307383335383636318E0B2054656C746F6E65203120
Dec 22 04:06:16.015: ISDN BR0: TX -> RRr sapi = 0 tei = 108 nr = 2
Dec 22 04:06:16.127: ISDN BR0: RX <- INFOc sapi = 0 tei = 108 ns = 2 nr = 2 i
= 0x08018407
Dec 22 04:06:16.139: ISDN BR0: TX -> RRr sapi = 0 tei = 108 nr = 3
Dec 22 04:06:16.143: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 04:06:16.179: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
Dec 22 04:06:16.187: ISDN BR0: TX -> INFOc sapi = 0 tei = 108 ns = 2 nr = 3 i
= 0x0801040F
Dec 22 04:06:16.231: ISDN BR0: RX <- RRr sapi = 0 tei = 108 nr = 3
Dec 22 04:06:17.187: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
Dec 22 04:06:22.183: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
Dec 22 04:06:33.379: ISDN BR0: TX -> RRp sapi = 0 tei = 109 nr = 1
Dec 22 04:06:33.403: ISDN BR0: RX <- RRf sapi = 0 tei = 109 nr = 1
Dec 22 04:06:46.235: ISDN BR0: TX -> RRp sapi = 0 tei = 108 nr = 3
Dec 22 04:06:46.259: ISDN BR0: RX <- RRf sapi = 0 tei = 108 nr = 3
Dec 22 04:07:03.407: ISDN BR0: TX -> RRp sapi = 0 tei = 109 nr = 1
Dec 22 04:07:03.435: ISDN BR0: RX <- RRf sapi = 0 tei = 109 nr = 1
Dec 22 04:07:12.887: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from
8358661 r6, call lasted 56 seconds
Dec 22 04:07:12.899: ISDN BR0: TX -> INFOc sapi = 0 tei = 108 ns = 3 nr = 3 i
= 0x0801044508028090
Dec 22 04:07:12.991: ISDN BR0: RX <- INFOc sapi = 0 tei = 108 ns = 3 nr = 4 i
= 0x0801844D
Dec 22 04:07:12.999: ISDN BR0: TX -> RRr sapi = 0 tei = 108 nr = 4
Dec 22 04:07:13.011: isdn_Call_disconnect()
Dec 22 04:07:13.011: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 04:07:13.043: ISDN BR0: TX -> INFOc sapi = 0 tei = 108 ns = 4 nr = 4 i
= 0x0801045A
Dec 22 04:07:13.111: ISDN BR0: RX <- RRr sapi = 0 tei = 108 nr = 5
Dec 22 04:07:14.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to down
r5#no debug isdn q921
ISDN Q921 packets debugging is off


Follow along with the output of Example 9-36 to look at the call control procedures over SAPI 0, th
dynamic assignment of the TEIs, and the Tx and Rx for the C/R activity. I have shaded the changes
BRI interface status so that you can follow the steps. The debug bri command enables you to wat«
actual TEI negotiation.


It is often helpful to know whether call setup has ever occurred for troubleshooting purposes. Revi¢ 
history of calls in Example 9-37. 


Example 9-37. show isdn history Command Output 


r5#show isdn history
ISDN CALL HISTORY
History table has a maximum of 100 entries.
History table data is retained for a maximum of 15 Minutes.
Call  Calling   Called    Remote  Seconds  Seconds  Seconds  Charges
Type  Number    Number    Name    Used     Left     Idle     Units/Currency
Out             8358661   r6      56                         0
r5#ping 192.168.9.21
Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds:
.!!!!
r5#show isdn history
ISDN CALL HISTORY
History table has a maximum of 100 entries.
History table data is retained for a maximum of 15 Minutes.
Call  Calling   Called    Remote  Seconds  Seconds  Seconds  Charges
Type  Number    Number    Name    Used     Left     Idle     Units/Currency
Out             8358661   r6      56                         0
Out             8358661   r6      10       46       8        0


This router has always been on the initiating side of setting up the ISDN call parameters. Feel free 
r6 to initiate the call and then repeat the history command on r6 to see the difference. It should a 
additional inbound call. Another similar command is show isdn active to see just the active call.


NOTE 


Remember that ISDN has its own Layer 2 and Layer 3. ISDN Layer 3 is for signaling and has 
nothing to do with the bearer payload being IP Layer 3. Q931 deals with end-to-end call setur 
but there is no Layer 3 address. The E.164 phone number would be like your MAC address on 
LAN, which technically makes ISDN part of the Layer 2 Data Link Layer realm. 


Just like debug isdn q921 shows the details of ISDN Layer 2, you can troubleshoot ISDN Layer 3 


information with debug isdn q931. Use it to check call setup parameters such as SPIDs and phon 
numbers. In Example 9-38, issue it on r5 to watch the normal activity of ISDN Layer 3. 


Example 9-38. debug isdn q931 Command Output 


r5#debug isdn q931
ISDN Q931 packets debugging is on
r5#ping 192.168.9.21

Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
Dec 22 04:53:23.275: ISDN BR0: TX -> SETUP pd = 8 callref = 0x06
Dec 22 04:53:23.279:         Bearer Capability i = 0x8890
Dec 22 04:53:23.279:         Channel ID i = 0x83
Dec 22 04:53:23.283:         Keypad Facility i = '8358661'
Dec 22 04:53:23.491: ISDN BR0: RX <- CALL_PROC pd = 8 callref = 0x86
Dec 22 04:53:23.491:         Channel ID i = 0x89
Dec 22 04:53:23.495:         Locking Shift to Codeset 5
Dec 22 04:53:23.499:         Codeset 5 IE 0x2A i = 0x809402, '*=', 0x8307, '83586
0x8E0B20, 'Teltone', TL. “0x20
Dec 22 04:53:23.619: ISDN BR0: RX <- CONNECT pd = 8 callref = 0x86
Dec 22 04:53:23.635: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 04:53:23.667: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
Dec 22 04:53:23.679: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x06
Dec 22 04:53:24.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
Dec 22 04:53:29.671: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
!!!active call in progress
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
    dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 108, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
        TEI = 109, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Spid Status:
        TEI 108, ces = 1, state = 5(init)
            spid1 configured, spid1 sent, spid1 valid
            Endpoint ID Info: epsf = 0, usid = 2, tid = 1
        TEI 109, ces = 2, state = 5(init)
            spid2 configured, spid2 sent, spid2 valid
            Endpoint ID Info: epsf = 0, usid = 4, tid = 1
    Layer 3 Status:
        1 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 1
        CCB: callid=0x8006, sapi=0x0, ces=0x1, B-chan=1
    The Free Channel Mask: 0x80000002
    Total Allocated ISDN CCBs = 1
r5#
Dec 22 04:54:20.375: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from
8358661 r6, call lasted 56 seconds
Dec 22 04:54:20.387: ISDN BR0: TX -> DISCONNECT pd = 8 callref = 0x06
Dec 22 04:54:20.391:         Cause i = 0x8090 - Normal call clearing
Dec 22 04:54:20.495: ISDN BR0: RX <- RELEASE pd = 8 callref = 0x86
Dec 22 04:54:20.511: isdn_Call_disconnect()
Dec 22 04:54:20.515: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 04:54:20.547: ISDN BR0: TX -> RELEASE_COMP pd = 8 callref = 0x06
Dec 22 04:54:21.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to down
!!!after the call tear down
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
    dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 108, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
        TEI = 109, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Spid Status:
        TEI 108, ces = 1, state = 5(init)
            spid1 configured, spid1 sent, spid1 valid
            Endpoint ID Info: epsf = 0, usid = 2, tid = 1
        TEI 109, ces = 2, state = 5(init)
            spid2 configured, spid2 sent, spid2 valid
            Endpoint ID Info: epsf = 0, usid = 4, tid = 1
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0
r5#undebug all


The call reference parameters help to distinguish between the different calls. For example, the reas 
the preceding disconnect is normal call clearing. See the shaded output after the 56-second discon: 
Example 9-38.
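

The `i = 0x...` payloads that debug isdn q921 printed in Example 9-36 are the same Q.931 messages that debug isdn q931 decodes in Example 9-38, for an earlier call with call reference 0x04 instead of 0x06. The decoder below is an added example, not code from the book or from Cisco; the message-type and information-element codes follow ITU-T Q.931, and the function names are hypothetical.

```python
"""Decode the Q.931 message carried in the `i = 0x...` field of a Q.921 INFO frame."""

MESSAGE_TYPES = {0x02: "CALL_PROC", 0x05: "SETUP", 0x07: "CONNECT",
                 0x0F: "CONNECT_ACK", 0x45: "DISCONNECT",
                 0x4D: "RELEASE", 0x5A: "RELEASE_COMP"}
# Codeset 0 information elements that appear in Example 9-38.
IE_NAMES = {0x04: "Bearer Capability", 0x08: "Cause",
            0x18: "Channel ID", 0x2C: "Keypad Facility"}
CAUSES = {16: "Normal call clearing"}

# `i =` payloads copied from Example 9-36, in the order they were logged.
CAPTURED = [
    ("TX", "0x08010405040288901801832C0738333538363631"),
    ("RX", "0x08018402180189952A1B809402603D8307383335383636318E0B"
           "2054656C746F6E65203120"),
    ("RX", "0x08018407"),
    ("TX", "0x0801040F"),
    ("TX", "0x0801044508028090"),
    ("RX", "0x0801844D"),
    ("TX", "0x0801045A"),
]


def _render(codeset, ident, value):
    """Return (name, text) for one variable-length information element."""
    if codeset != 0:
        return f"Codeset {codeset} IE 0x{ident:02X}", "0x" + value.hex().upper()
    name = IE_NAMES.get(ident, f"IE 0x{ident:02X}")
    if ident == 0x2C:                      # keypad digits are plain ASCII
        return name, value.decode("ascii", errors="replace")
    if ident == 0x08:
        # Skip octet 3 (and 3a if present); the next octet holds the cause value.
        idx = 0
        while idx < len(value) and not value[idx] & 0x80:
            idx += 1
        if idx + 1 < len(value):
            code = value[idx + 1] & 0x7F
            return name, CAUSES.get(code, f"cause {code}")
    return name, "0x" + value.hex().upper()


def decode_q931(payload):
    """Parse one Q.931 message given as a hex string such as '0x0801040F'."""
    text = payload[2:] if payload.lower().startswith("0x") else payload
    data = bytes.fromhex(text)
    if len(data) < 2 or data[0] != 0x08:
        raise ValueError("protocol discriminator is not 8 (Q.931)")
    cr_len = data[1] & 0x0F
    if cr_len == 0 or len(data) < 3 + cr_len:
        raise ValueError("missing or truncated call reference / message type")
    callref = data[2:2 + cr_len]
    msg = {
        "callref": int.from_bytes(callref, "big"),  # as IOS prints it, flag included
        "call_id": int.from_bytes(bytes([callref[0] & 0x7F]) + callref[1:], "big"),
        "to_originator": bool(callref[0] & 0x80),   # flag bit: reply to the caller
        "message": MESSAGE_TYPES.get(data[2 + cr_len] & 0x7F, "UNKNOWN"),
        "ies": [],
    }
    active, pending = 0, None   # locking codeset; codeset for the next IE only
    pos = 3 + cr_len
    while pos < len(data):
        ident = data[pos]
        if ident & 0x80:                   # single-octet element
            if ident & 0xF0 == 0x90:       # shift: 1001 n ccc
                target = ident & 0x07
                if ident & 0x08:           # n = 1: non-locking shift
                    pending = target
                else:
                    active = target
                    msg["ies"].append(("Locking Shift", f"Codeset {target}"))
            pos += 1                       # other single-octet IEs are skipped
            continue
        if pos + 1 >= len(data):
            raise ValueError("information element without a length octet")
        length = data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("information element runs past the end of the message")
        codeset = active if pending is None else pending
        pending = None
        msg["ies"].append(_render(codeset, ident, value))
        pos += 2 + length
    return msg


if __name__ == "__main__":
    for direction, payload in CAPTURED:
        m = decode_q931(payload)
        print(direction, m["message"], f"callref = 0x{m['callref']:02X}", m["ies"])
```

Both directions of one call share the same call_id; only the flag bit differs, which is why the router's messages show callref 0x06 and the switch's replies show 0x86 in Example 9-38.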


Now that you have looked at the LAPD frame format and experimented with some of the command 
layer-by-layer basis, I want to focus on shooting ISDN BRI troubles.


Shooting Trouble with ISDN BRI 


Although you have already performed some pretty intensive ISDN troubleshooting, I want to reinfc
general things to look for when shooting ISDN BRI troubles. Also I want to cover a little more deta
defining interesting traffic and running routing protocols over ISDN links.


Several show, debug, and clear IOS commands are available to help you understand and support |
Example 9-39 illustrates the ISDN show commands.


Example 9-39. ISDN Show Commands


r5#show isdn ?
  active   ISDN active calls
  history  ISDN call history
  memory   ISDN memory information
  status   ISDN Line Status
  timers   ISDN Timer values


The show isdn active command shows calls in progress, but if there is not a call in progress perhe
should try show isdn history to see whether there was ever a call placed. Refer back to the previt 
examples for the output of these commands. The show isdn memory command shows ISDN men 
statistics and what is in use. The show isdn timers shows the switch type and other Layer 2 and | 
values. 


The commands show ip interface brief, show interface bri0 [1 | 2], show controllers bri 0 as
link lights are all invaluable Physical Layer tools. Without 1 or 2, show interface bri0 shows the [
activity; with the 1 or 2 you are looking at the B channels. Error counts such as packets input and
and carrier transitions beyond your baseline are worthwhile to analyze. Move up the stack to check
encapsulation or frame type. Are you communicating with the ISDN switch? Remember that the sw
must match between your router and the local ISDN switch. Get this information from the provider
the keepalive activity (D-channel signaling) between the local router and the ISDN switch with sha
interfaces bri0. Be sure to clear the interface with clear interface bri0 to reset the hardware log
re-establish the TEI before you call it a day. As with other technologies, clear the interface counter:
clear counters bri0 to establish what you are looking at from this point on (so that you are not cc
by previous interface resets, for instance).


Use show isdn status to see the switch type and a summary of what is going on with the layers. T
far the most informative command for supporting ISDN. ISDN Layer 3 depends on Layer 2 and Lay 
depends on Layer 1, but that shouldn't be any big surprise by now. The incorrect switch type is a v 
common problem; expect Layer 1 and Layer 2 to be deactivated if this is the issue. Use debug isd) 
to further define issues with the telco switch and debug isdn q931 to further pinpoint call setup is 
Q921 will help when a cable is unplugged or help determine whether the cable is bad (and by the ¢ 
logic, when nothing is going through). 


Other common targets are dialer configuration, encapsulation, and authentication issues. Phone nu
SPIDs, and the map statements to get to the other end are all things to look at with the dialer. Rev
Example 9-40 for dialer troubleshooting. Refer back to the "Shooting Trouble with PPP" section for
assistance with PPP encapsulation and or authentication troubleshooting.


Example 9-40. Dialer Troubleshooting 


r5>show dialer ?
  interface  Show dialer information on one interface
  maps       Show dialer maps
  <cr>
r5>show dialer
BRI0 - dialer type = ISDN
Dial String      Successes   Failures    Last called   Last status
8358663                  0          0    never                     -
8358661                  6          0    00:20:01         successful
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0:1 - dialer type = ISDN
Idle timer (55 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
BRI0:2 - dialer type = ISDN
Idle timer (55 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
r5>show dialer maps
Static dialer map ip 192.168.9.21 name r6 (8358661) on BR0
Static dialer map ip 192.168.9.21 name r6 (8358663) on BR0
r5>ping 192.168.9.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
Dec 22 05:16:37.326: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 05:16:37.358: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
Dec 22 05:16:38.366: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
r5>show dialer
BRI0 - dialer type = ISDN
Dial String      Successes   Failures    Last called   Last status
8358663                  0          0    never
8358661                  4          0    00:00:05         successful
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0:1 - dialer type = ISDN
Idle timer (55 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
!!!note that it tells you why the call was made
Dial reason: ip (s=192.168.9.22, d=192.168.9.21)
Time until disconnect 51 secs
Connected to 8358661 (r6)
BRI0:2 - dialer type = ISDN
Idle timer (55 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
Dec 22 05:16:43.362: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661


Dialer commands such as those illustrated in Example 9-40 are useful in spotting ISDN or other di¢
issues. Find out why the call was made or terminated to begin with. Narrow down the dialer issues
specifying a particular interface to see phone numbers, successes, failures, and per B-channel time
dialer states. Clear the dialer statistics to start from now on with clear dialer interface bri0. Dial:
map the Layer 2 phone numbers to the destination IP addresses, and the show dialer map comm
displays them quite nicely. Perhaps you forgot the broadcast keyword on the map statement for y
routing protocol updates or maybe you didn't mean for routing updates to cross the ISDN link. It is
easy to make typos in this area, especially when phone numbers only vary by one or two digits. Th
run interface bri0 command in Example 9-41 helps you quickly spot issues with your bri0 interfa:
configuration to check for missed statements and typos.


Example 9-41. show run interface bri0 Command Output 


r5#show run interface bri0
Building configuration...

Current configuration:

interface BRI0
 ip address 192.168.9.22 255.255.255.252
 no ip directed-broadcast
 dialer idle-timeout 55
 dialer map ip 192.168.9.21 name r6 8358661
 dialer map ip 192.168.9.21 name r6 8358663
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201 8358662
 isdn spid2 0835866401 8358664
end

r6#show run interface bri0
Building configuration...

Current configuration:

interface BRI0
 ip address 192.168.9.21 255.255.255.252
 no ip directed-broadcast
 dialer idle-timeout 55
 dialer map ip 192.168.9.22 name r5 8358662
 dialer map ip 192.168.9.22 name r5 8358664
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866101 8358661
 isdn spid2 0835866301 8358663
end


If you are trying to narrow down why you can't dial, give debug dialer events a try as in Exampl 
Note the reason for the dial and dial attempts. 


Example 9-42. debug dialer events Command 


r5#debug dialer events
Dial on demand events debugging is on
r5#ping 192.168.9.21

Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
Dec 22 05:28:43.190: BR0 DDR: Dialing cause ip (s=192.168.9.22, d=192.168.9.21)
Dec 22 05:28:43.194: BR0 DDR: Attempting to dial 8358661
Dec 22 05:28:43.546: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 05:28:43.578: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661
Dec 22 05:28:43.590: BR0:1 DDR: dialer protocol up
Dec 22 05:28:44.586: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
Dec 22 05:28:49.582: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661


NOTE 


Figure 9-13 in the "Summary" section at the end of this chapter reviews many of these
commands to assist you with troubleshooting ISDN issues before you call Cisco Technical 
Assistance Center (TAC). 


Perhaps the issue is not with configuration at all but with performance. What is the load on the line 
you need to adjust the threshold to bring up another B channel or configure multilink. Perhaps you 
analyze the type of traffic traversing the link. How about issues relating to routing protocols on the 
link? 


Dial-on-Demand Routing 


DDR is dynamic routing on an as-needed basis to reduce WAN communication costs. It is good for 
periodic connections that transfer small amounts of data. It obviously is not a solution for today's
e-commerce sites. Typically, static or default routes are used. After specifying the route (if needed),
define the traffic that brings up the link. It is critical to remember that any traffic, whether interest 
or not, can traverse the link while it is up. The exception is broadcast/multicast unless it is specifie 
the dialer map. You have already configured this. The idea is to resolve a next-hop address to a 
phone number, which you did with the dialer map statements. 

Assuming you have a route, you must next specify interesting traffic to enable the connection. Acce 
lists give you much more granular control than the $24,000 default dialer-list 1 protocol ip pern 
global command. Analyze your running configuration; this is how things are configured right now. 
Although the protocol ip permit command works well for testing in a lab, there are horror stories 
about this in the real world. People have configured ISDN to allow any IP traffic to bring up the linl 
and keep it up for that matter in practical application. Can you imagine having your ISDN link up ft 
month or so and getting a $24,000 phone bill for the usage charges of ISDN? It has happened, but 
bet not twice in the same place. So, preferably you should point the dialer list to an access list in tk 
real world. If you do not want telnet to bring up the ISDN link, for example, you can configure that 
with an access list. Do that next in Example 9-43. 


Example 9-43. Dialer List Pointing to an Access List 


r5#configure terminal
r5(config)#interface bri0
r5(config-if)#no dialer-group 1
r5(config-if)#exit
r5(config)#dialer-list 9 protocol ip list ?
  <1-199>      IP access list
  <1300-2699>  IP expanded access list
r5(config)#dialer-list 9 protocol ip list 109
r5(config)#access-list 109 deny tcp any any eq ?
  <0-65535>    Port number
  bgp          Border Gateway Protocol (179)
  chargen      Character generator (19)
  cmd          Remote commands (rcmd, 514)
  daytime      Daytime (13)
  discard      Discard (9)
  domain       Domain Name Service (53)
  echo         Echo (7)
  exec         Exec (rsh, 512)
  finger       Finger (79)
  ftp          File Transfer Protocol (21)
  ftp-data     FTP data connections (used infrequently, 20)
  gopher       Gopher (70)
  hostname     NIC hostname server (101)
  ident        Ident Protocol (113)
  irc          Internet Relay Chat (194)
  klogin       Kerberos login (543)
  kshell       Kerberos shell (544)
  login        Login (rlogin, 513)
  lpd          Printer service (515)
  nntp         Network News Transport Protocol (119)
  pim-auto-rp  PIM Auto-RP (496)
  pop2         Post Office Protocol v2 (109)
  pop3         Post Office Protocol v3 (110)
  smtp         Simple Mail Transport Protocol (25)
  sunrpc       Sun Remote Procedure Call (111)
  syslog       Syslog (514)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  telnet       Telnet (23)
  time         Time (37)
  uucp         Unix-to-Unix Copy Program (540)
  whois        Nicname (43)
  www          World Wide Web (HTTP, 80)
r5(config)#access-list 109 deny tcp any any eq telnet ?
  ack          Match on the ACK bit
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  rst          Match on the RST bit
  syn          Match on the SYN bit
  tos          Match packets with given TOS value
  urg          Match on the URG bit
  <cr>
!!!the following two commands are all that are necessary
!!!to create the acl
r5(config)#access-list 109 deny tcp any any eq telnet log
r5(config)#access-list 109 permit ip any any
!!!the following command ties the dialer to the acl
r5(config)#dialer-list 9 protocol ip list 109
!!!now you must apply the acl to the bri interface
r5(config)#interface bri0
r5(config-if)#dialer-group ?
  <1-10>  Dialer list number
r5(config-if)#dialer-group 9
r5(config-if)#end


Creating the access list is only one part of minimizing interesting traffic. The dialer list ties the acce 
list to the dialer, but it does not take effect until the statement is applied to the interface with the 
dialer-group command. Think of this like access list (global create) and access group (interface 
apply). Go back and review the protocol, port and keyword details that are available. This is a gre 
way to find a frequently used port number that you are unsure of as well. 


NOTE 


After the call has been triggered by interesting traffic, all traffic is allowed to use the 
connection. If interesting traffic stops, however, the other traffic may stop in the midst of 
things. 


Repeat the access list, dialer list, and dialer group commands on r6. Use debug dialer to verif 
interesting traffic as in Example 9-44. 


Example 9-44. Debug Dialer to Verify Interesting Traffic 


r5#debug dialer
Dial on demand events debugging is on
r6#telnet 192.168.9.22
Trying 192.168.9.22 ...
% Connection timed out; remote host not responding

Dec 22 07:14:46.034: %SEC-6-IPACCESSLOGP: list 109 denied tcp 192.168.9.21(11001)
-> 192.168.9.22(23), 1 packet
r6#ping 192.168.9.22
Sending 5, 100-byte ICMP Echos to 192.168.9.22, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
Dec 22 07:15:42.882: BR0 DDR: Dialing cause ip (s=192.168.9.21, d=192.168.9.22)
Dec 22 07:15:42.886: BR0 DDR: Attempting to dial 8358662
Dec 22 07:15:43.238: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 07:15:43.274: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662
Dec 22 07:15:43.286: BR0:1 DDR: dialer protocol up
Dec 22 07:15:44.282: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
changed state to up
Dec 22 07:15:49.278: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662
r6#telnet 192.168.9.22
Trying 192.168.9.22 ... Open

User Access Verification

Password:
r5>en
Password:
r5#!!!note that I can telnet after the link is up
r5#!!!but not to bring the link up
r5#!!!no matter what I a


The gist of the preceding example is that with a dialer list you only control what type of traffic brin:
up the link. The initial telnet was denied and you can see the shaded log line as to why. However,
telnet was allowed when the link was already up. When it was time for teardown, no matter what )
were doing related to uninteresting traffic, it terminated immediately. That is what I was trying to °
you in the last line, when my telnet session got cut off.
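

The behavior seen in Example 9-44 (telnet cannot dial, telnet rides an open link, and the call drops when the idle timer expires regardless of uninteresting traffic) can be reproduced with a small model. This is an added example, not code from the book or a model of Cisco's implementation; the event times are constructed, the names DdrLink, interesting, and simulate are hypothetical, and it assumes a dialed packet is delivered, whereas the pings above lose their first packet while the call sets up.

```python
"""Toy model of DDR: interesting traffic dials and resets the idle timer."""

# First match wins, as in the access list built in Example 9-43.
ACL_109 = [
    ("deny", "tcp", 23),      # access-list 109 deny tcp any any eq telnet
    ("permit", "ip", None),   # access-list 109 permit ip any any
]
# Equivalent of: dialer-list 1 protocol ip permit
PERMIT_ANY_IP = [("permit", "ip", None)]

# Constructed traffic: (seconds, protocol, destination port).
SESSION = [(0, "tcp", 23), (10, "icmp", None), (20, "tcp", 23),
           (40, "tcp", 23), (64, "tcp", 23), (70, "tcp", 23)]
# Constructed background chatter: one telnet packet every 30 seconds for an hour.
CHATTER = [(t, "tcp", 23) for t in range(0, 3600, 30)]


def interesting(acl, proto, dport=None):
    """Return True when the packet is interesting under the given ACL."""
    for action, acl_proto, acl_port in acl:
        if acl_proto in ("ip", proto) and acl_port in (None, dport):
            return action == "permit"
    return False  # implicit deny ends every access list


class DdrLink:
    def __init__(self, acl, idle_timeout=55):
        self.acl = acl
        self.idle_timeout = idle_timeout  # dialer idle-timeout 55
        self.up = False
        self.calls = 0
        self.connected_seconds = 0
        self._connected_at = 0
        self._last_interesting = 0

    def _expire(self, now):
        """Hang up if the idle timer ran out at or before `now`."""
        if self.up and now - self._last_interesting >= self.idle_timeout:
            hangup = self._last_interesting + self.idle_timeout
            self.connected_seconds += hangup - self._connected_at
            self.up = False

    def send(self, now, proto, dport=None):
        """Offer one packet to the link: 'dialed', 'forwarded' or 'dropped'."""
        self._expire(now)
        wanted = interesting(self.acl, proto, dport)
        if not self.up:
            if not wanted:
                return "dropped"          # uninteresting traffic never dials
            self.up = True
            self.calls += 1
            self._connected_at = self._last_interesting = now
            return "dialed"
        if wanted:
            self._last_interesting = now  # only interesting traffic resets the timer
        return "forwarded"                # any traffic may cross while the link is up

    def finish(self, now):
        """Close the books at time `now` and return total connected seconds."""
        self._expire(now)
        if self.up:
            self.connected_seconds += now - self._connected_at
            self.up = False
        return self.connected_seconds


def simulate(acl, events, end, idle_timeout=55):
    """Run events through a fresh link; return (results, seconds up, calls)."""
    link = DdrLink(acl, idle_timeout)
    results = [link.send(t, proto, dport) for t, proto, dport in events]
    return results, link.finish(end), link.calls


if __name__ == "__main__":
    for name, acl in (("list 109", ACL_109), ("permit any ip", PERMIT_ANY_IP)):
        print(name, simulate(acl, SESSION, 200), simulate(acl, CHATTER, 3600)[1:])
```

With the chatter input, the permit-any dialer list keeps the link connected for the whole hour while list 109 never places a call, which is the usage-charge problem the section warns about.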


NOTE 


Depending on how you pay for your ISDN services, consider adjusting dialer load-threshold
and dialer idle-timeout. Use show isdn history and look at the interface
statistics to monitor what has happened to see whether you need to adjust. The dialer
idle-timeout default is 120 seconds, for example, which could be a long time to wait if you are
paying by the minute. On the other hand, if you are paying by the call you may need to
increase it.


There are many ways to configure dial applications. I highly recommend Bill Burton's Remote Access
Cisco Networks (McGraw-Hill Professional) and the sample configurations at Cisco.com. Cook up yc
own concoctions with CCO's Access Dial Configuration Cookbook.


Next I briefly review dial backup from a support viewpoint, and then move on to the Trouble Ticket


Dial Backup 


Dial backup is available in three varieties: 


• Backup interface

• Floating static routes

• Dialer watch


Regardless of the method, you need to know what the primary and backup links are and what
interfaces are involved. The type of interface as well as your overall routing design are influential
factors as to which method may work best for you. For example, backup interface is not designe
for running on a Frame Relay physical interface, but it works just fine if using subinterfaces. Alway:
make sure the primary and backup links work individually without getting fancy. What I mean is,
make sure both links work to begin with before you have one try to back up another.


Use the backup interface command to configure the ISDN link to be the backup for the serial link 
between r5 and r6 as in Example 9-45. 


Example 9-45. Backup Interface


r5(config)#interface s1
r5(config-if)#no shut
r6(config)#interface s0
r6(config-if)#no shut
r6(config-if)#end
r6#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
BRI0           192.168.9.21    YES manual up                    up
BRI0:1         unassigned      YES unset  down                  down
BRI0:2         unassigned      YES unset  down                  down
Ethernet0      unassigned      YES unset  administratively down down
Loopback9      6.6.6.6         YES manual up                    up
Serial0        192.168.9.17    YES manual up                    up
Serial1        unassigned      YES unset  down                  down
Serial2        unassigned      YES unset  administratively down down
Serial3        unassigned      YES unset  administratively down down
r6#!!!the serial and bri interfaces are up
r6#configure terminal
r6(config)#interface s0
r6(config-if)#backup interface bri0
Dec 22 07:51:53.102: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 116 changed to down
Dec 22 07:51:53.106: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 117 changed to down
Dec 22 07:51:53.150: %LINK-5-CHANGED: Interface BRI0, changed state to standby mode
r6(config-if)#end


Now that the backup interface is configured, view the s0 interface in Example 9-46 to see the
differences.


Example 9-46. Viewing the Backup Interface


r6#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.9.17/30
  Backup interface BRI0, failure delay 0 sec, secondary disable delay 0 sec,
  kickin load not set, kickout load not set
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:02, output 00:00:04, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     2622 packets input, 135193 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     1 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort
     2634 packets output, 133687 bytes, 0 underruns
     0 output errors, 0 collisions, 634 interface resets
     0 output buffer failures, 0 output buffers swapped out
     7 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
r6#clear counters s0


For practical application of this, assume that ISDN was put in between r5 and r6 because it is critical
that r6 be able to communicate with r3 even if the serial link between r5 and r6 is down. The serial
link is using a routing protocol, however, and the ISDN link is not. There are specific commands to
assist with running particular routing protocols over DDR links, but here a default route is very
appropriate. On the other hand, maybe you don't want all traffic going over the link anyway. You can
restrict this with a floating static route as in Example 9-47.


NOTE


Common methods of configuring a routing protocol over DDR links include the following:

• RIP/IGRP: Snapshot routing
• OSPF: IP OSPF demand circuit
• EIGRP: Can redistribute on-demand routing (ODR)


Example 9-47. Floating Static Route 


r6#show ip protocols
Routing Protocol is "eigrp 109"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 109
  Automatic network summarization is not in effect
  Routing for Networks:
    6.0.0.0
    192.168.9.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    (this router)          5      1w1d
    192.168.9.18          90      00:17:25
  Distance: internal 90 external 170
r6#configure terminal
r6(config)#ip route 192.168.9.12 255.255.255.252 192.168.9.22 ?
  <1-255>    Distance metric for this route
  permanent  permanent route
  tag        Set tag for this route
  <cr>
r6(config)#ip route 192.168.9.12 255.255.255.252 192.168.9.22 200


In Example 9-47 I issued the show ip protocols command to verify the administrative distance for
EIGRP, the routing protocol that is running on r6. Notice that I set the administrative distance for the
floating static route to a number higher than the administrative distance for EIGRP. You might
consider setting it to 201 in practical application to take care of BGP as well. Remember, the lower the
administrative distance, the more believable the route.


The shut command will not trigger dial-backup interfaces, so physically disconnect the serial cable from
r6 to test this. Monitor the results in Example 9-48. After verifying that things work, plug the serial
cable back in to verify that it is still the primary link. The ISDN link should return to standby
automatically.


Example 9-48. Testing the Backup Interface and Floating Static 


r6#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
BRI0           192.168.9.21    YES manual standby mode          down
BRI0:1         unassigned      YES unset  administratively down down
BRI0:2         unassigned      YES unset  administratively down down
Serial0        192.168.9.17    YES manual up                    up
r6#!!!physically unplug the serial cable from r6
Dec 22 09:24: %LINK-3-UPDOWN: Interface Serial0, changed state to down
Dec 22 09:24: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 09:24: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Dec 22 09:24: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Dec 22 09:24: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 126 changed to up
Dec 22 09:24: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 65 changed to up
Dec 22 09:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
!!!the D-Channel is up
r6#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
BRI0           192.168.9.21    YES manual up                    up
BRI0:1         unassigned      YES unset  down                  down
BRI0:2         unassigned      YES unset  down                  down
Ethernet0      unassigned      YES unset  administratively down down
Loopback9      6.6.6.6         YES NVRAM  up                    up
Serial0        192.168.9.17    YES NVRAM  down                  down
!!!the floating static route is in the table
r6#show ip route
     192.168.9.0/30 is subnetted, 2 subnets
S       192.168.9.12 [200/0] via 192.168.9.22
C       192.168.9.20 is directly connected, BRI0
     6.0.0.0/32 is subnetted, 1 subnets
C       6.6.6.6 is directly connected, Loopback9
!!!send some interesting traffic to open the B-Channel
r6#ping 192.168.9.13
Sending 5, 100-byte ICMP Echos to 192.168.9.13, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 60/63/64 ms
Dec 22 09:25:23.289: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
Dec 22 09:25:23.325: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662
Dec 22 09:25:24.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
Dec 22 09:25:29.329: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662
!!!the first B-Channel is up
r6#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
BRI0           192.168.9.21    YES manual up                    up
BRI0:1         unassigned      YES unset  up                    up
BRI0:2         unassigned      YES unset  down                  down
Ethernet0      unassigned      YES unset  administratively down down
Loopback9      6.6.6.6         YES NVRAM  up                    up
Serial0        192.168.9.17    YES NVRAM  down                  down
r6#!!!now plug the cable back in
Dec 22 09:26:20.133: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358662 r5, call lasted 56 seconds
Dec 22 09:26:20.245: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Dec 22 09:26:21.245: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
!!!s0 automatically comes up
Dec 22 09:26:33.661: %LINK-3-UPDOWN: Interface Serial0, changed state to up
Dec 22 09:26:34.729: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
Dec 22 09:26:34.745: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 126 changed to down
Dec 22 09:26:34.749: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 65 changed to down
r6#!!!bri0 automatically goes back to standby
Dec 22 09:26:34.789: %LINK-5-CHANGED: Interface BRI0, changed state to standby mode


Note that it was only necessary to configure the backup interface on one side. When s0 was down, you
needed a route to get to the r3 destination, which the floating static provides. Verify the state of your
interfaces and routing table under normal circumstances to help you recognize abnormalities (see
Example 9-49).


Example 9-49. Verifying the Normal Interfaces and Routing Table 


r6#show ip interface brief
Interface      IP-Address      OK? Method Status                Protocol
BRI0           192.168.9.21    YES manual standby mode          down
BRI0:1         unassigned      YES unset  administratively down down
BRI0:2         unassigned      YES unset  administratively down down
Ethernet0      unassigned      YES unset  administratively down down
Loopback9      6.6.6.6         YES NVRAM  up                    up
Serial0        192.168.9.17    YES NVRAM  up                    up
r6#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/41664000] via 192.168.9.18, 00:17:15, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/41664000] via 192.168.9.18, 00:17:16, Serial0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/41152000] via 192.168.9.18, 00:17:16, Serial0
     4.0.0.0/32 is subnetted, 1 subnets
D       4.4.4.4 [90/41664000] via 192.168.9.18, 00:17:16, Serial0
     192.168.9.0/24 is variably subnetted, 11 subnets, 2 masks
D       192.168.9.1/32 [90/41536000] via 192.168.9.18, 00:17:16, Serial0
D       192.168.9.0/30 [90/41536000] via 192.168.9.18, 00:17:16, Serial0
D       192.168.9.4/30 [90/41536000] via 192.168.9.18, 00:17:16, Serial0
D       192.168.9.6/32 [90/41536000] via 192.168.9.18, 00:17:16, Serial0
D       192.168.9.8/30 [90/41536000] via 192.168.9.18, 00:17:16, Serial0
D       192.168.9.10/32 [90/41536000] via 192.168.9.18, 00:17:18, Serial0
D       192.168.9.13/32 [90/41024000] via 192.168.9.18, 00:17:18, Serial0
D       192.168.9.12/30 [90/41024000] via 192.168.9.18, 00:17:18, Serial0
C       192.168.9.16/30 is directly connected, Serial0
C       192.168.9.18/32 is directly connected, Serial0
D       192.168.9.20/30 [90/41024000] via 192.168.9.18, 00:17:18, Serial0
     5.0.0.0/32 is subnetted, 1 subnets
D       5.5.5.5 [90/40640000] via 192.168.9.18, 00:17:18, Serial0
     6.0.0.0/32 is subnetted, 1 subnets
C       6.6.6.6 is directly connected, Loopback9


Note that the s0 interface is once again up and up. The BRI D channel is in standby, and the BRI B
channels are administratively shut down. The routing table knows how to get to r3 because it has an
EIGRP learned route. The floating static was only inserted when needed, hence the name floating
static. Feel free to remove the backup interface command and try this exercise with just the floating
static. Just ping to bring up the ISDN link and check your routing table.


Assuming everything is configured properly, this is a very smooth operation. A console message will be
generated to let you know that the BRI is out of standby mode. If you do not see this console
message, you may need to adjust the backup delay enable timer. Another common problem is not
having a route to your destination network(s) when using the backup link. However, you had that
covered with the floating static route. You might experience issues with the primary coming back up
and the backup not going back to standby; check your backup delay disable timer. The syntax to
enable/disable timers is as follows:


backup delay enabletimer disabletimer


For example, backup delay 10 60 says that the backup link will be up 10 seconds after the primary
link fails and the backup link will go down 60 seconds after the primary comes back up. These timers
may also be the reason for flapping links, but you should always verify physical connectivity in that
respect as well. Commands such as show ip route, show dialer, and debug dialer are helpful in
troubleshooting DDR issues.
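
The effect of the two timers on a flapping primary link can be worked through with a small model. This is an added example, not code or output from the book: it follows the behavior described in the paragraph above, and the event timeline is constructed for illustration. The 0/0 case corresponds to the "failure delay 0 sec, secondary disable delay 0 sec" defaults visible in Example 9-46.

```python
def backup_timeline(events, enable_delay, disable_delay, end):
    """Model of `backup delay <enable> <disable>` as the text describes it.

    events: time-ordered (seconds, "down" | "up") changes of the primary link.
    Returns the backup interface transitions as (seconds, "active" | "standby").
    """
    backup_active = False
    pending = None      # (deadline, new_state) of the delay timer that is running
    transitions = []

    def fire(now):
        # Apply the running timer if its deadline has passed.
        nonlocal backup_active, pending
        if pending is not None and pending[0] <= now:
            backup_active = pending[1] == "active"
            transitions.append(pending)
            pending = None

    for when, primary in events:
        fire(when)
        if primary == "down":
            # A new failure cancels a pending return to standby.
            pending = None if backup_active else (when + enable_delay, "active")
        else:
            # Recovery cancels a pending activation.
            pending = (when + disable_delay, "standby") if backup_active else None
    fire(end)
    return transitions


# Constructed timeline: a 4-second glitch, a real outage, then a flap during recovery.
PRIMARY_EVENTS = [(0, "down"), (4, "up"), (100, "down"),
                  (300, "up"), (320, "down"), (400, "up")]

if __name__ == "__main__":
    for enable, disable in ((0, 0), (10, 60)):
        result = backup_timeline(PRIMARY_EVENTS, enable, disable, end=500)
        print(f"backup delay {enable} {disable}: {len(result)} transitions")
        for when, state in result:
            print(f"  t={when:>3}s backup -> {state}")
```

With delays of 0 and 0 the backup link follows every primary flap (six transitions, three calls placed); with backup delay 10 60 the same timeline produces one activation and one return to standby.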

You have gained lots of practical experience with the first two dial-backup solutions: backup interface
and floating static routes. Another practical dial-backup solution for EIGRP is dialer watch. Dialer
watch monitors a specified route, and when the route is no longer present it initiates the backup link.
One of the advantages of dialer watch is the capability to monitor more than one route and to activate
the backup when all the monitored routes are out of the table. The traditional floating static route
triggers only if the single specified route goes away.
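
The difference between the two triggers, and the administrative-distance comparison behind the floating static route in Example 9-47, can be modeled in a few lines. This is an added example, not from the book: the Rib class and function names are hypothetical, the dialer watch check is a simplification of the behavior described above, and the "one route lost" step is constructed to show where the two methods differ.

```python
import ipaddress

EIGRP_AD = 90       # "Distance: internal 90" in the show ip protocols output
FLOATING_AD = 200   # distance appended to the ip route command in Example 9-47
WATCH_LIST = ("192.168.9.8/30", "192.168.9.12/30")   # dialer watch-list 9


class Rib:
    """Candidate routes per prefix; the lowest administrative distance is installed."""

    def __init__(self):
        self._candidates = {}   # network -> {source: (distance, next_hop)}

    def offer(self, prefix, source, distance, next_hop):
        net = ipaddress.ip_network(prefix)
        self._candidates.setdefault(net, {})[source] = (distance, next_hop)

    def withdraw(self, prefix, source):
        self._candidates.get(ipaddress.ip_network(prefix), {}).pop(source, None)

    def installed(self, prefix):
        """Return (source, distance, next_hop) of the winning route, or None."""
        routes = self._candidates.get(ipaddress.ip_network(prefix), {})
        if not routes:
            return None
        source = min(routes, key=lambda s: routes[s][0])
        return (source,) + routes[source]


def dialer_watch_should_dial(rib, watch_list, backup_source="static"):
    """Dial only when every watched prefix has lost its primary (non-backup) route."""
    def has_primary(prefix):
        best = rib.installed(prefix)
        return best is not None and best[0] != backup_source
    return not any(has_primary(p) for p in watch_list)


def build_r6_rib():
    rib = Rib()
    for prefix in WATCH_LIST:
        rib.offer(prefix, "eigrp", EIGRP_AD, "192.168.9.18")             # over Serial0
    rib.offer("192.168.9.12/30", "static", FLOATING_AD, "192.168.9.22")  # over BRI0
    return rib


def scenario():
    """Return (label, installed route to 192.168.9.12/30, dialer watch dials?)."""
    rib = build_r6_rib()
    steps = []

    def snapshot(label):
        steps.append((label, rib.installed("192.168.9.12/30"),
                      dialer_watch_should_dial(rib, WATCH_LIST)))

    snapshot("normal")
    rib.withdraw("192.168.9.12/30", "eigrp")
    snapshot("one route lost")
    rib.withdraw("192.168.9.8/30", "eigrp")
    snapshot("both routes lost")
    for prefix in WATCH_LIST:
        rib.offer(prefix, "eigrp", EIGRP_AD, "192.168.9.18")
    snapshot("primary restored")
    return steps


if __name__ == "__main__":
    for label, best, dial in scenario():
        print(f"{label:17} installed={best} dialer-watch-dials={dial}")
```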

Remove the backup interface statement from r6. Configure dialer watch in its place as in Example
9-50 to watch the 192.168.9.8 and 192.168.9.12 links. Delay disconnecting the backup interface for
20 seconds after the primary link is up again.


Example 9-50. Dialer Watch 


r6(config)#interface s0
r6(config-if)#no backup interface
r6(config-if)#exit
r6(config)#dialer watch?
watch-list
r6(config)#dialer watch-list ?
  <1-30>  Dialer watch group number
r6(config)#dialer watch-list 9 ?
  ip  IP
r6(config)#dialer watch-list 9 ip ?
  A.B.C.D  IP address
r6(config)#dialer watch-list 9 ip 192.168.9.8 255.255.255.252
r6(config)#dialer watch-list 9 ip 192.168.9.12 255.255.255.252
r6(config)#interface bri0
r6(config-if)#shut
r6(config-if)#dialer ?
  callback-secure        Enable callback security
  caller                 Specify telephone number to be screened
  enable-timeout         Set length of time an interface stays down before it
                         is available for dialing
  fast-idle              Set idle time before disconnecting line with an
                         unusually high level of contention
  hold-queue             Configure output hold queue
  idle-timeout           Specify idle timeout before disconnecting line
  load-threshold         Specify threshold for placing additional calls
  map                    Define multiple dial-on-demand numbers
  pool-member            Specify dialer pool membership
  priority               Specify priority for use in dialer group
  rotary-group           Add to a dialer rotary group
  snapshot               Specify snapshot sequence number for Dialer Profiles
  string                 Specify telephone number to be passed to DCE device
  wait-for-carrier-time  How long the router will wait for carrier
  watch-disable          Time to wait before bringing down watched route link
  watch-group            Assign interface to dialer-watch-list
r6(config-if)#dialer watch-group 9
r6(config-if)#dialer watch-disable ?
  <1-2147483>  Watch route disable time in seconds
r6(config-if)#dialer watch-disable 20
r6(config-if)#no shut
r6(config-if)#end
r6#copy running-config startup-config


Dialer watch is certainly easy to configure and understand. See whether it works by removing the
serial cable from r6 as you did with the backup interface method. If you are not successful, it could be
a version issue. Cisco recommends that you use IOS 12.1(7) or higher to fix the current nonfeatures
(more commonly known as bugs) with dialer watch.


These backup methods are very useful but are a lot more scalable with dialer profiles. For more
flexibility with DDR, consider deploying dialer profiles. Dialer profiles separate the logical
configurations from the physical interfaces. The big advantage is that the configuration for the dialer
interface is re-usable on more than one physical interface. The main components include dialer
interfaces, dialer pool, and physical interfaces. There are also optional dialer map-class statements
to supply other configuration parameters to the logical dialer interfaces.


To apply the components to practical application, first you create a virtual interface (interface dialer
0). Assign the IP address and encapsulation method just as if it were any physical interface. By
assigning the dialer interface to a dialer pool (dialer pool 1), the logical interface now has many
physical interfaces from which it may draw. As far as the physical interface configuration, make it a
dialer pool member (dialer pool-member 1) and specify the encapsulation type. This places the
physical interface into a dialer pool to point the physical interface to the logical interface
configuration.


After the major components have been configured, you can also use these logical interfaces in
situations such as in static routes (ip route 192.168.9.8 255.255.255.252 dialer 0). You can also
passive-interface a dialer interface to keep routing protocols from continuously bringing up an ISDN
link. For examples and application, go to Cisco.com, login and search for "Configuring ISDN DDR with
Dialer Profiles." Another great reference is the Bill Burton book mentioned previously, Remote Access
for Cisco Networks.


Take some time to clean up your configurations. At a minimum, remove all access group, dialer
group, and backup interface commands applied to interfaces. Check your final configurations
against the file isdn ending configs to ensure you are prepared for the Trouble Tickets. Troubleshoot
as necessary to make sure you have a working scenario before moving on to the Trouble Tickets.


Once again it is time for the chapter Trouble Tickets. The plan here is to give you several things to do,
to let you make mistakes and fix some things on your own, and to introduce other problems that you
should have some experience with as a support person.


Trouble Tickets 


Complete the following Trouble Tickets in order. Use the information and tools from this chapter 
and the previous chapters to analyze, test, and document as you go. Create your own Physical 
Layer problems or other problems if you need more practice in that area. Modify the Trouble 
Tickets to make them more applicable to fit your individual needs. Sample solutions are provided 
after this section. 


Trouble Ticket 1 


Turn on debug bri on r5 to watch the TEI negotiation. Unplug the BRIO cable to the router and 
monitor the results. Check the output of show isdn status. Plug the cable back in and monitor 
the results. 


Trouble Ticket 2 


You are in the midst of troubleshooting your ISDN connection. Look at the following output to 
decide what the issues are and what to do next: 


r5#show isdn status
**** No Global ISDN Switchtype currently defined ****
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = none
    Layer 1 Status:
        DEACTIVATED
    Layer 2 Status:
        Layer 2 NOT Activated
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0


Trouble Ticket 3 


Remove the SPID1 configuration from r5. What results do you expect to see with show isdn 
status now? Compare your results to the solution provided. Add the SPID back and verify things 
before you continue to Trouble Ticket 4. 


Trouble Ticket 4 


Change the encapsulation to PPP with PAP authentication for the ISDN link between r5 and r6. 
Troubleshoot as required and verify connectivity to a remote network. Compare your 
configurations and troubleshooting to the solution provided. 


Trouble Ticket 5 


Configure and troubleshoot IS-IS over HDLC using the same physical layout that you have now.
r1 through r5 should still run EIGRP, but r5 and r6 should run IS-IS. End-to-end connectivity is
required.


Trouble Ticket 6 


Many times performance is an issue with only one B channel handling the load. Bring up the 
second B channel if the load on the first one is more than 10 percent. I know that 10 percent is a
very low number and 50 to 80 may be more practical. However, with 10 percent there is no need 
to assert a very heavy load on the line to witness the same results. Feel free to make the number 
lower than 10 percent for lab purposes. 


Trouble Ticket Solutions 


These solutions are not always the only way to perform these tasks. Compare your results. 


Trouble Ticket 1 Solution 


Turn on the debug bri command in Example 9-51 to watch the TEI negotiation. 


Example 9-51. TEI Negotiation 


r5#debug bri
Basic Rate network interface debugging is on
r5#!!!unplug the cable
Dec 23 06:51:14.784: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:51:14.792: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:51:14.792: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:51:25.404: BRI: write_sid: scp = 0, wrote = 92
Dec 23 06:51:25.404: BRI: write_sid: scp = 90, wrote = 93
Dec 23 06:51:25.408: BRI0: ACTIVATED, state F2, event DI
Dec 23 06:51:25.408: BRI: T4 timer started DEACT timer expired
Dec 23 06:51:26.012: BRI: write_sid: scp = 0, wrote = 92
Dec 23 06:51:26.012: BRI: write_sid: scp = 90, wrote = 93
Dec 23 06:51:26.016: BRI: write_sid: scp = 0, wrote
Dec 23 06:51:26.016: BRI: write_sid: scp = 0, wrote
Dec 23 06:51:26.020: isdn_Call_disconnect()
Dec 23 06:51:26.020: isdn_Call_disconnect()
Dec 23 06:51:26.024: BRI: disable channel B1
Dec 23 06:51:26.024: BRI: disable channel B2
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        DEACTIVATED
    Layer 2 Status:
        TEI = 118, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
        TEI = 119, Ces = 2, SAPI = 0, State = TEI_ASSIGNED
    Spid Status:
        TEI 118, ces = 1, state = 5(init)
            spid1 configured, spid1 sent, spid1 valid
            Endpoint ID Info: epsf = 0, usid = 2, tid = 1
        TEI 119, ces = 2, state = 5(init)
            spid2 configured, spid2 sent, spid2 valid
            Endpoint ID Info: epsf = 0, usid = 4, tid = 1
r5#!!!plug cable back in
Dec 23 06:52:11.132: BRI: write_sid: scp = 0, wrote = 92
Dec 23 06:52:11.132: BRI: write_sid: scp = 80, wrote = 93
Dec 23 06:52:11.132: BRI0: DEACTIVATED, state F1, event LSD
Dec 23 06:52:11.136: BRI: write_sid: scp = 0, wrote = 1B
Dec 23 06:52:11.140: BRI: write_sid: scp = 0, wrote = 20
Dec 23 06:52:11.200: BRI: write_sid: scp = 0, wrote = 92
Dec 23 06:52:11.200: BRI: write_sid: scp = A0, wrote = 93
Dec 23 06:52:11.204: BRI0: DEACTIVATED, state F3, event AP
Dec 23 06:52:11.204: BRI: write_sid: scp = 0, wrote = 3
Dec 23 06:52:11.216: BRI: write_sid: scp = 0, wrote = 92
Dec 23 06:52:11.216: BRI: write_sid: scp = E0, wrote = 93
Dec 23 06:52:11.216: BRI0: PENDING, state F7, event AI
Dec 23 06:52:11.220: BRI: Received activation indication.
Dec 23 06:52:11.232: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:11.388: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 118 changed to down
Dec 23 06:52:11.388: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 119 changed to down
Dec 23 06:52:11.392: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 118 changed to down
Dec 23 06:52:11.420: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:13.420: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:13.532: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:13.556: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 70 changed to up
Dec 23 06:52:13.564: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:13.644: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:13.664: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:13.700: BRI: write_sid: scp = 0, wrote = E
Dec 23 06:52:13.724: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 71 changed to up
Dec 23 06:52:13.732: BRI: write_sid: scp = 0, wrote
Dec 23 06:52:13.816: BRI: write_sid: scp = 0, wrote = E
r5#no debug bri


This is a little more output than you want occurring on a regular basis, so keep that in mind to find the
best time to issue the command. The output continuously displays write_sid, which is an internal
command written to the interface controller subunit identifier (SID). With the cable unplugged, the
activation timer (T3) expired and the status was F2. The timers deactivated, the call terminated, and
B channels went down. Also note the Layer2Down messages. In summary, if there are quick BRI interface
changes, always check the Physical Layer, such as the cable or interface. Unless you want to see all the
negotiation in the background, however, show isdn status is still the best tool for troubleshooting the
layers.


Trouble Ticket 2 Solution 


The obvious issue is the missing ISDN switch type or mismatch that show isdn status reveals quite
nicely. When Layer 1 is deactivated, you should immediately suspect a bad cable or the switch type 
might want to take a few minutes and remove your switch type as in the following output and then 
issues. Glance at the output of show isdn status in Example 9-52 before you make any changes. 

any complications. 


Example 9-52. show isdn status Command Output 


r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 70, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
        TEI = 71, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Spid Status:
        TEI 70, ces = 1, state = 5(init)
            spid1 configured, spid1 sent, spid1 valid
            Endpoint ID Info: epsf = 0, usid = 2, tid = 1
        TEI 71, ces = 2, state = 5(init)
            spid2 configured, spid2 sent, spid2 valid
            Endpoint ID Info: epsf = 0, usid = 4, tid = 1
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0


Now remove both the global and interface switch types for r5 in Example 9-53.


Example 9-53. Removing the ISDN Switch Types 


r5(config)#interface bri0
r5(config-if)#no isdn switch-type
Warning: No ISDN switch-type defined. No calls possible.
r5(config-if)#exit
Dec 23 07:09:52.456: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 70 changed to down
Dec 23 07:09:52.460: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 70 changed to down
Dec 23 07:09:52.628: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 71 changed to down
Dec 23 07:09:52.632: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 71 changed to down
r5(config)#no isdn switch-type
Warning: No ISDN switch-type defined. No calls possible, unless switchtype defined
globally and/or per interface.
This change will take full effect upon reload.
r5(config)#end
r5#copy running-config startup-config
r5#reload
r5#show isdn status
**** No Global ISDN Switchtype currently defined ****
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = none
    Layer 1 Status:
        DEACTIVATED
!!!now define your switch type and test
r5#configure terminal
r5(config)#isdn switch-type basic-ni
Dec 23 07:17:13.171: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 72 changed to up
Dec 23 07:17:13.339: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 73 changed to up
r5(config)#end
r5#copy running-config startup-config


The main complication to note is that when you completely remove the ISDN switch type the router tells
you that no calls are possible. It also does not take effect until you reload the router. Just like other
features, however, you may run into slight differences with the version of code.


Trouble Ticket 3 Solution 


First remove your SPIDs from r5 as in Example 9-54. Then clear the BRI interface and show the ISDN
status.


Example 9-54. Removing SPIDs


r5#show run interface bri0
interface BRI0
 ip address 192.168.9.22 255.255.255.252
 no ip directed-broadcast
 dialer idle-timeout 55
 dialer map ip 192.168.9.21 name r6 8358661
 dialer map ip 192.168.9.21 name r6 8358663
 isdn switch-type basic-ni
 isdn spid1 0835866201 8358662
 isdn spid2 0835866401 8358664
end
r5#configure terminal
r5(config)#interface bri0
r5(config-if)#no isdn spid1 0835866201 8358662
r5(config-if)#no isdn spid2 0835866401 8358664
r5(config-if)#end
r5#clear interface bri0
Dec 23 07:24:13.067: isdn_Call_disconnect()
Dec 23 07:24:13: isdn_Call_disconnect()
Dec 23 07:24:13.299: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 72 changed to down
Dec 23 07:24:13.303: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 73 changed to down
Dec 23 07:24:13.307: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 72 changed to down
Dec 23 07:24:14.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
Dec 23 07:24:14.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
Dec 23 07:24:13.475: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 74 changed to up
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 74, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0


Note how I first issued the show run interface bri0 command so that I had the commands right in front
of me that I wanted to delete. I used clear interface bri0 to clear the interface so that this would take
effect. TEI was not assigned as you can see by the SPID status. Now add one SPID back at a time and
observe the results in Example 9-55.


Example 9-55. Configuring SPIDs (First B Channel) 


r5#!!!add one SPID back at a time
r5#configure terminal
r5(config)#interface bri0
r5(config-if)#isdn spid1 0835866201 8358662
r5(config-if)#end
r5#clear interface bri0
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 75, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Spid Status:
        TEI 75, ces = 1, state = 5(init)
            spid1 configured, spid1 sent, spid1 valid
            Endpoint ID Info: epsf = 0, usid = 2, tid = 1
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Activated dsl 0 CCBs = 0
    The Free Channel Mask: 0x80000003
    Total Allocated ISDN CCBs = 0


Focus on the ISDN Layer 2 status. Your key is the MULTIPLE_FRAME_ESTABLISHED state for each
channel. When you removed both SPIDs and added one back, however, you only saw one
MULTIPLE_FRAME_ESTABLISHED. Add the other SPID back in Example 9-56 and observe the results.


Example 9-56. Configuring SPIDs (Second B Channel) 


r5#!!!now add the other SPID
r5#configure terminal
r5(config)#interface bri0
r5(config-if)#isdn spid2 0835866401 8358664
r5(config-if)#end
r5#clear interface bri0
r5#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 76, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
        TEI = 77, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Spid Status:
        TEI 76, ces = 1, state = 5(init)
            spid1 configured, spid1 sent, spid1 valid
            Endpoint ID Info: epsf = 0, usid = 2,
        TEI 77, ces = 2, state = 5(init)
            spid2 configured, spid2 sent, spid2 valid
            Endpoint ID Info: epsf = 0, usid = 4,


The moral of this ticket is MULTIPLE_FRAME_ESTABLISHED and valid SPIDs. The tool is show isdn 
status. 


Trouble Ticket 4 Solution 


Configure PPP encapsulation with PAP authentication on the ISDN bri0 interfaces to produce the 
configurations in Example 9-57. 


Example 9-57. Configuring PPP Encapsulation and PAP Authentication 


r5#show running-config 
hostname r5 

enable password cisco 
username r6 password 0 donna 
ip subnet-zero 

isdn switch-type basic-ni 

interface Loopback8 
 ip address 5.5.5.5 255.255.255.255 
 no ip directed-broadcast 

interface Serial0 
 bandwidth 64 
 ip address 192.168.9.14 255.255.255.252 
 no ip directed-broadcast 
 encapsulation ppp 
 no ip mroute-cache 

interface Serial1 
 bandwidth 64 
 ip address 192.168.9.18 255.255.255.252 
 no ip directed-broadcast 
 encapsulation ppp 
 ppp authentication chap 

interface BRI0 
 ip address 192.168.9.22 255.255.255.252 
 no ip directed-broadcast 
 encapsulation ppp 
 dialer idle-timeout 55 
 dialer map ip 192.168.9.21 name r6 8358661 
 dialer map ip 192.168.9.21 name r6 8358663 
 dialer-group 1 
 isdn switch-type basic-ni 
 isdn spid1 0835866201 8358662 
 isdn spid2 0835866401 8358664 
 ppp authentication pap callin 
 ppp pap sent-username paplady password 7 0117090A550A 

end 

r6#show running-config 
hostname r6 

username r5 password 0 donna 
username paplady password 0 donna 
ip subnet-zero 

isdn switch-type basic-ni 

interface Loopback9 
 ip address 6.6.6.6 255.255.255.255 
 no ip directed-broadcast 

interface Serial0 
 bandwidth 64 
 ip address 192.168.9.17 255.255.255.252 
 no ip directed-broadcast 
 encapsulation ppp 
 no ip mroute-cache 
 clockrate 64000 
 ppp authentication chap 

interface BRI0 
 ip address 192.168.9.21 255.255.255.252 
 no ip directed-broadcast 
 encapsulation ppp 
 dialer idle-timeout 55 
 dialer map ip 192.168.9.22 name r5 8358662 
 dialer map ip 192.168.9.22 name r5 8358664 
 dialer-group 1 
 isdn switch-type basic-ni 
 isdn spid1 0835866101 8358661 
 isdn spid2 0835866301 8358663 
 ppp authentication pap 

end 


Turn on the debug ppp negotiation command to watch the authentication process in Example 9- 


Example 9-58. Debug PPP Negotiation over ISDN 


r5#debug ppp negotiation 
PPP protocol negotiation debugging is on 
r5#ping 192.168.9.21 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 192.168.9.21, timeout is 2 seconds: 
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms 
Dec 23 08:11:17.355: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 
Dec 23 08:11:17.391: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661 
Dec 23 08:11:17.399: BR0:1 PPP: Treating connection as a callout 
Dec 23 08:11:17.399: BR0:1 PPP: Phase is ESTABLISHING, Active Open 
Dec 23 08:11:17.403: BR0:1 PPP: No remote authentication for call-out 
Dec 23 08:11:17.403: BR0:1 LCP: O CONFREQ [Closed] id 3 len 10 
Dec 23 08:11:17.407: BR0:1 LCP:    MagicNumber 0x0042EEFD (0x05060042EEFD) 
Dec 23 08:11:17.423: BR0:1 LCP: I CONFREQ [REQsent] id 3 len 14 
Dec 23 08:11:17.427: BR0:1 LCP:    AuthProto PAP (0x0304C023) 
Dec 23 08:11:17.431: BR0:1 LCP:    MagicNumber 0x172FC497 (0x0506172FC497) 
Dec 23 08:11:17.431: BR0:1 LCP: O CONFACK [REQsent] id 3 len 14 
Dec 23 08:11:17.435: BR0:1 LCP:    AuthProto PAP (0x0304C023) 
Dec 23 08:11:17.439: BR0:1 LCP:    MagicNumber 0x172FC497 (0x0506172FC497) 
Dec 23 08:11:17.443: BR0:1 LCP: I CONFACK [ACKsent] id 3 len 10 
Dec 23 08:11:17.443: BR0:1 LCP:    MagicNumber 0x0042EEFD (0x05060042EEFD) 
Dec 23 08:11:17.447: BR0:1 LCP: State is Open 
Dec 23 08:11:17.451: BR0:1 PPP: Phase is AUTHENTICATING, by the peer 
Dec 23 08:11:17.459: BR0:1 PAP: O AUTH-REQ id 3 len 18 from "paplady" 
Dec 23 08:11:17.475: BR0:1 PAP: I AUTH-ACK id 3 len 5 
Dec 23 08:11:17.479: BR0:1 PPP: Phase is UP 
Dec 23 08:11:17.483: BR0:1 IPCP: O CONFREQ [Closed] id 3 len 10 
Dec 23 08:11:17.487: BR0:1 IPCP:    Address 192.168.9.22 (0x0306C0A80916) 
Dec 23 08:11:17.491: BR0:1 CDPCP: O CONFREQ [Closed] id 3 len 4 
Dec 23 08:11:17.495: BR0:1 IPCP: I CONFREQ [REQsent] id 3 len 10 
Dec 23 08:11:17.495: BR0:1 IPCP:    Address 192.168.9.21 (0x0306C0A80915) 
Dec 23 08:11:17.499: BR0:1 IPCP: O CONFACK [REQsent] id 3 len 10 
Dec 23 08:11:17.503: BR0:1 IPCP:    Address 192.168.9.21 (0x0306C0A80915) 
Dec 23 08:11:17.507: BR0:1 CDPCP: I CONFREQ [REQsent] id 3 len 4 
Dec 23 08:11:17.511: BR0:1 CDPCP: O CONFACK [REQsent] id 3 len 4 
Dec 23 08:11:17.515: BR0:1 IPCP: I CONFACK [ACKsent] id 3 len 10 
Dec 23 08:11:17.519: BR0:1 IPCP:    Address 192.168.9.22 (0x0306C0A80916) 
Dec 23 08:11:17.519: BR0:1 IPCP: State is Open 
Dec 23 08:11:17.523: BR0:1 CDPCP: I CONFACK [ACKsent] id 3 len 4 
Dec 23 08:11:17.527: BR0:1 CDPCP: State is Open 
Dec 23 08:11:17.535: BR0:1 IPCP: Install route to 192.168.9.21 
Dec 23 08:11:18.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, 
changed state to up 
Dec 23 08:11:23.395: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661 
!!!now for the disconnect 
Dec 23 08:12:14.115: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 83586 
call lasted 56 seconds 
Dec 23 08:12:14.227: isdn_Call_disconnect() 
Dec 23 08:12:14.227: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 
Dec 23 08:12:14.259: BR0:1 IPCP: State is Closed 
Dec 23 08:12:14.263: BR0:1 CDPCP: State is Closed 
Dec 23 08:12:14.263: BR0:1 PPP: Phase is TERMINATING 
Dec 23 08:12:14.267: BR0:1 LCP: State is Closed 
Dec 23 08:12:14.267: BR0:1 PPP: Phase is DOWN 
Dec 23 08:12:14.271: BR0 IPCP: Remove route to 192.168.9.21 
Dec 23 08:12:15.227: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, 
changed state to down 
r5#u all 


PAP is a one-way challenge performed one time. Notice the authentication request and acknowledg 
The commands debug ppp authentication and debug ppp negotiation are quite helpful in 

troubleshooting authentication issues. In my test, r5 was the calling router and r6 was the called r 
Reference the CCO "Configuring and Troubleshooting PAP" Tech Note at Cisco.com for more detail. 
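
The hexadecimal strings in parentheses in Example 9-58 are the raw option bytes (type, length, value) of each LCP and IPCP packet. The following Python example is added here and is not part of the book: it decodes those bytes, checks each packet's len field against its options, and reports which side demanded which authentication protocol. The sample lines are transcribed from Example 9-58, and the function names are my own.

```python
import ipaddress
import re

# Constructed sample: lines transcribed from the debug ppp negotiation output
# in Example 9-58 (r5 is the calling router).
SAMPLE = """\
Dec 23 08:11:17.403: BR0:1 LCP: O CONFREQ [Closed] id 3 len 10
Dec 23 08:11:17.407: BR0:1 LCP:    MagicNumber 0x0042EEFD (0x05060042EEFD)
Dec 23 08:11:17.423: BR0:1 LCP: I CONFREQ [REQsent] id 3 len 14
Dec 23 08:11:17.427: BR0:1 LCP:    AuthProto PAP (0x0304C023)
Dec 23 08:11:17.431: BR0:1 LCP:    MagicNumber 0x172FC497 (0x0506172FC497)
Dec 23 08:11:17.431: BR0:1 LCP: O CONFACK [REQsent] id 3 len 14
Dec 23 08:11:17.435: BR0:1 LCP:    AuthProto PAP (0x0304C023)
Dec 23 08:11:17.439: BR0:1 LCP:    MagicNumber 0x172FC497 (0x0506172FC497)
Dec 23 08:11:17.459: BR0:1 PAP: O AUTH-REQ id 3 len 18 from "paplady"
Dec 23 08:11:17.483: BR0:1 IPCP: O CONFREQ [Closed] id 3 len 10
Dec 23 08:11:17.487: BR0:1 IPCP:    Address 192.168.9.22 (0x0306C0A80916)
"""

# PPP protocol numbers carried in the LCP Authentication-Protocol option
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
PKT = re.compile(r"(\S+) (LCP|IPCP|CDPCP): ([IO]) (CONF\w+) \[\w+\] id (\d+) len (\d+)")
OPT = re.compile(r"(\S+) (LCP|IPCP): +\w+ .*\(0x([0-9A-Fa-f]+)\)")


def decode_option(proto, raw):
    """Decode one type/length/value option as IOS prints it in parentheses."""
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError(f"bad option length in {raw.hex()}")
    otype, data = raw[0], raw[2:]
    if proto == "LCP" and otype == 3:
        # The first two value bytes name the authentication protocol.
        ident = int.from_bytes(data[:2], "big")
        return ("auth-protocol", AUTH_PROTOCOLS.get(ident, hex(ident)))
    if proto == "LCP" and otype == 5:
        return ("magic-number", data.hex().upper())
    if proto == "IPCP" and otype == 3:
        return ("ip-address", str(ipaddress.IPv4Address(data)))
    return (f"option-{otype}", data.hex().upper())


def parse_negotiation(text):
    """Group option lines under the CONFREQ/CONFACK packet they belong to."""
    packets = []
    for line in text.splitlines():
        m = PKT.search(line)
        if m:
            packets.append({"intf": m[1], "proto": m[2], "dir": m[3],
                            "code": m[4], "id": int(m[5]), "len": int(m[6]),
                            "options": [], "opt_bytes": 0})
            continue
        m = OPT.search(line)
        if m and packets and packets[-1]["proto"] == m[2]:
            raw = bytes.fromhex(m[3])
            packets[-1]["options"].append(decode_option(m[2], raw))
            packets[-1]["opt_bytes"] += len(raw)
    for p in packets:
        # 4-byte header (code, id, length) plus the options must equal "len".
        p["len_ok"] = p["len"] == 4 + p["opt_bytes"]
    return packets


def auth_findings(packets):
    """Report which side demanded which authentication protocol."""
    findings = []
    for p in packets:
        if p["proto"] != "LCP" or p["code"] != "CONFREQ":
            continue
        for name, value in p["options"]:
            if name == "auth-protocol":
                who = "peer" if p["dir"] == "I" else "local router"
                note = ("password crosses the link in cleartext"
                        if value == "PAP" else "challenge/response")
                findings.append(f"{p['intf']}: {who} requires {value} ({note})")
    return findings


if __name__ == "__main__":
    pkts = parse_negotiation(SAMPLE)
    for p in pkts:
        print(p["dir"], p["proto"], p["code"], p["options"], "len ok:", p["len_ok"])
    print(auth_findings(pkts))
```

On r5 only the incoming CONFREQ carries the AuthProto option, which matches "ppp authentication pap callin": r6, the called router, is the side that demands PAP.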


Trouble Ticket 5 Solution 


Refer back to the initial chapter scenario in Figure 9-1 for the physical layout of your lab. Use Figur 
a more detailed view of r5 and r6. Configure IS-IS on r5 and r6 as in Example 9-59. If you want to 
more of what is going on you can log the adjacency changes for IS-IS. 


Example 9-59. Configuring IS-IS on r5 and r6 


r5#configure terminal 
r5(config)#router isis 
r5(config-router)#net ? 
  XX.XXXX. ... .XXX.XX  Network entity title (NI 
r5(config-router)#net 49.0001.5555.5555.00 
r5(config-router)#interface s1 
r5(config-if)#ip router isis 
Dec 23 08:20:26.927: Se1 PPP: Outbound clns_es packet dropped, OSICP is Closed 
    [starting negotiations] 
Dec 23 08:20:26.927: Se1 OSICP: State is Listen 
Dec 23 08:20:26.931: Se1 OSICP: TIMEout: State Listen 
Dec 23 08:20:26.935: Se1 OSICP: O CONFREQ [Listen] id 1 len 4 
Dec 23 08:20:26.947: Se1 LCP: I PROTREJ [Open] id 47 len 10 protocol OSICP 
    (0x802301010004) 
Dec 23 08:20:26.947: Se1 OSICP: State is Closed 
Dec 23 08:20:27.083: Se1 PPP: Outbound clns_is packet dropped, OSICP is Closed 
    [starting negotiations] 
Dec 23 08:20:27.087: Se1 OSICP: State is Closed 
Dec 23 08:20:27.091: Se1 OSICP: TIMEout: State Closed 
Dec 23 08:20:27.091: Se1 OSICP: State is Listen 
r5(config-if)#interface loopback 8 
r5(config-if)#ip router isis 
r5(config-if)#router eigrp 109 
!!!no need to send any eigrp advertisements on s1 or lo8 
r5(config-router)#passive-interface s1 
r5(config-router)#passive-interface lo8 
r5(config-router)#end 
r5#copy running-config startup-config 

r6#configure terminal 
r6(config)#no router eigrp 109 
r6(config)#router isis 
r6(config-router)#net 49.0001.6666.6666.00 
r6(config-router)#interface s0 
r6(config-if)#ip router isis 
r6(config-if)#interface loopback 9 
r6(config-if)#ip router isis 
r6(config-if)#end 
r6#copy running-config startup-config 


Now that IS-IS is configured, view your neighbors, the topology, the database, and your interfaces 
Example 9-60. 


Example 9-60. Verifying IS-IS 


r6#show clns neighbors 
System Id       Interface  SNPA   State  Holdtime  Type  Protocol 
0001.5555.5555  Se0        *PPP*  Up     28        L1L2  IS-IS 

r6#show isis ? 
  database     IS-IS link state database 
  mesh-groups  IS-IS mesh groups 
  route        IS-IS level-1 routing table 
  spf-log      IS-IS SPF log 
  topology     IS-IS paths to Intermediate Systems 

r6#show isis topology 
IS-IS paths to level-1 routers 
System Id       Metric  Next-Hop        Interface  SNPA 
0001.5555.5555  10      0001.5555.5555  Se0        *PPP* 
0001.6666.6666 
IS-IS paths to level-2 routers 
System Id       Metric  Next-Hop        Interface  SNPA 
0001.5555.5555  10      0001.5555.5555  Se0        *PPP* 
0001.6666.6666 

r6#show isis database 
IS-IS Level-1 Link State Database 
LSPID                  LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL 
0001.5555.5555.00-00   0x00000004   0x58C6        1043          0/0/0 
0001.5555.5555.01-00   0x00000001   0x3DF8        934           0/0/0 
0001.6666.6666.00-00*  0x00000004   0x8FFE        1053          0/0/0 
0001.6666.6666.01-00*  0x00000001   0x0AA3        1057          0/0/0 
IS-IS Level-2 Link State Database 
LSPID                  LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL 
0001.5555.5555.00-00   0x00000005   0x68C5        1053          0/0/0 
0001.6666.6666.00-00*  0x00000005   0x18CC        1058          0/0/0 
r6# 

r6#show ip interface brief 
Interface   IP-Address     OK?  Method  Status                 Protocol 
BRI0        192.168.9.21   YES  manual  up                     up 
BRI0:1      unassigned     YES  unset   down                   down 
BRI0:2      unassigned     YES  unset   down                   down 
Ethernet0   unassigned     YES  unset   administratively down  down 
Loopback9   6.6.6.6        YES  NVRAM   up                     up 
Serial0     192.168.9.17   YES  NVRAM   up                     up 
Serial1     unassigned     YES  unset   administratively down  down 
Serial2     unassigned     YES  unset   administratively down  down 
Serial3     unassigned     YES  unset   administratively down  down 

r6#show clns interface s0 
Serial0 is up, line protocol is up 
  Checksums enabled, MTU 1500, Encapsulation PPP 
  ERPDUs enabled, min. interval 10 msec. 
  RDPDUs enabled, min. interval 100 msec., Addr Mask enabled 
  Congestion Experienced bit set at 4 packets 
  CLNS fast switching enabled 
  CLNS SSE switching disabled 
  DEC compatibility mode OFF for this interface 
  Next ESH/ISH in 49 seconds 
  Routing Protocol: IS-IS 
    Circuit Type: level-1-2 
    Interface number 0x0, local circuit ID 0x100 
    Level-1 Metric: 10, Priority: 64, Circuit ID: 0001.6666.6666.00 
    Number of active level-1 adjacencies: 1 
    Level-2 Metric: 10, Priority: 64, Circuit ID: 0001.6666.6666.00 
    Number of active level-2 adjacencies: 1 
    Next IS-IS Hello in 5 seconds 


If for some reason you do not have neighbors or adjacencies, don't assume it is an IS-IS issue. You 
made lots of encapsulation changes in this chapter, and I would expect that to be a major target h: 
debug isis adj-packets command in Example 9-61 can help you determine such issues. 


Example 9-61. debug isis adj-packets 


r5#debug isis adj-packets 
IS-IS Adjacency related packets debugging is on 
Jul 20 07:10:34: ISIS-Adj: Sending L2 IIH on Loopback8 
Jul 20 07:10:34: ISIS-Adj: Sending L1 IIH on Loopback8 
Jul 20 07:10:36: ISIS-Adj: Sending L1 IIH on Loopback8 
Jul 20 07:10:37: ISIS-Adj: Sending L2 IIH on Loopback8 
Jul 20 07:10:38: ISIS-Adj: Encapsulation failed on serial IIH (Serial1) 
r5#undebug all 


Change the encapsulation of r5s1 and r6s0 to HDLC as in Example 9-62. If you did not experience 
"encapsulation failed" message in Example 9-61, you certainly can force that to happen here betwe 
configuration of r5 and r6. Display the routing tables on both r5 and r6 to verify reachability inforn 
all subnets in Example 9-63. 


Example 9-62. HDLC Encapsulation 


r5(config)#interface s1 
r5(config-if)#shut 
r5(config-if)#encap hdlc 
r5(config-if)#no shut 

r6(config)#interface s0 
r6(config-if)#shut 
r6(config-if)#encap hdlc 
r6(config-if)#no shut 


Example 9-63. Routing Tables 


r5#show ip route 
     1.0.0.0/32 is subnetted, 1 subnets 
D       1.1.1.1 [90/41152000] via 192.168.9.13, 00:01:33, Serial0 
     2.0.0.0/32 is subnetted, 1 subnets 
D       2.2.2.2 [90/41152000] via 192.168.9.13, 00:01:33, Serial0 
     3.0.0.0/32 is subnetted, 1 subnets 
D       3.3.3.3 [90/40640000] via 192.168.9.13, 00:01:33, Serial0 
     4.0.0.0/32 is subnetted, 1 subnets 
D       4.4.4.4 [90/41152000] via 192.168.9.13, 00:01:33, Serial0 
     192.168.9.0/24 is variably subnetted, 10 subnets, 2 masks 
D       192.168.9.1/32 [90/41024000] via 192.168.9.13, 00:01:33, Serial0 
D       192.168.9.0/30 [90/41024000] via 192.168.9.13, 00:01:33, Serial0 
D       192.168.9.4/30 [90/41024000] via 192.168.9.13, 00:01:34, Serial0 
D       192.168.9.6/32 [90/41024000] via 192.168.9.13, 00:01:34, Serial0 
D       192.168.9.8/30 [90/41024000] via 192.168.9.13, 00:01:34, Serial0 
D       192.168.9.10/32 [90/41024000] via 192.168.9.13, 00:01:35, Serial0 
C       192.168.9.13/32 is directly connected, Serial0 
C       192.168.9.12/30 is directly connected, Serial0 
C       192.168.9.16/30 is directly connected, Serial1 
C       192.168.9.20/30 is directly connected, BRI0 
     5.0.0.0/32 is subnetted, 1 subnets 
C       5.5.5.5 is directly connected, Loopback8 
     6.0.0.0/32 is subnetted, 1 subnets 
i L1    6.6.6.6 [115/20] via 192.168.9.17, Serial1 

r6#show ip route 
     192.168.9.0/30 is subnetted, 2 subnets 
C       192.168.9.16 is directly connected, Serial0 
C       192.168.9.20 is directly connected, BRI0 
     5.0.0.0/32 is subnetted, 1 subnets 
i L1    5.5.5.5 [115/20] via 192.168.9.18, Serial0 
     6.0.0.0/32 is subnetted, 1 subnets 
C       6.6.6.6 is directly connected, Loopback9 


Instead of redistributing between IS-IS and EIGRP on r5, have r5 advertise a default route via IS-I 
Example 9-64. Verify connectivity via the loopbacks. 


Example 9-64. Advertising a Default Route 


r5#configure terminal 
r5(config)#router isis 
r5(config-router)#default-information originate 
r5(config-router)#end 

r6#show ip route 
Gateway of last resort is 192.168.9.18 to network 0.0.0.0 
     192.168.9.0/30 is subnetted, 2 subnets 
C       192.168.9.16 is directly connected, Serial0 
C       192.168.9.20 is directly connected, BRI0 
     5.0.0.0/32 is subnetted, 1 subnets 
i L1    5.5.5.5 [115/20] via 192.168.9.18, Serial0 
     6.0.0.0/32 is subnetted, 1 subnets 
C       6.6.6.6 is directly connected, Loopback9 
i*L2 0.0.0.0/0 [115/10] via 192.168.9.18, Serial0 

r6#ping 1.1.1.1 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/88/92 ms 
= 4/4/4 ms 

r6#copy running-config startup-config 
r5#copy running-config startup-config 


In your earlier testing, you should have noticed that r6 did not have a route to get to the remote n 
With the default-information originate command, IS-IS sent a default route to the others regar 
whether a default route existed in the routing table. 


Remove the IS-IS default-information originate and any other static/default routes in r5 and r6 
Configure one-way redistribution from EIGRP into IS-IS on r5 as in Example 9-65. 


Example 9-65. Redistributing EIGRP into IS-IS 


r5(config-router)#redistribute eigrp 109 metric ? 
  <0-63>  ISIS default metric 
r5(config-router)#redistribute eigrp 109 metric 50 
r5(config-router)#end 

r5#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 
       U - per-user static route, o - ODR 
Gateway of last resort is not set 
     1.0.0.0/32 is subnetted, 1 subnets 
D       1.1.1.1 [90/41152000] via 192.168.9.13, 00:07:53, Serial0 
     2.0.0.0/32 is subnetted, 1 subnets 
D       2.2.2.2 [90/41152000] via 192.168.9.13, 00:07:54, Serial0 
     3.0.0.0/32 is subnetted, 1 subnets 
D       3.3.3.3 [90/40640000] via 192.168.9.13, 00:07:54, Serial0 
     4.0.0.0/32 is subnetted, 1 subnets 
D       4.4.4.4 [90/41152000] via 192.168.9.13, 00:07:54, Serial0 
     192.168.9.0/24 is variably subnetted, 9 subnets, 2 masks 
D       192.168.9.1/32 [90/41024000] via 192.168.9.13, 00:07:54, Serial0 
D       192.168.9.0/30 [90/41024000] via 192.168.9.13, 00:07:54, Serial0 
D       192.168.9.4/30 [90/41024000] via 192.168.9.13, 00:07:54, Serial0 
D       192.168.9.6/32 [90/41024000] via 192.168.9.13, 00:07:54, Serial0 
D       192.168.9.8/30 [90/41024000] via 192.168.9.13, 00:07:54, Serial0 
D       192.168.9.10/32 [90/41024000] via 192.168.9.13, 00:07:55, Serial0 
C       192.168.9.12/30 is directly connected, Serial0 
C       192.168.9.16/30 is directly connected, Serial1 
C       192.168.9.20/30 is directly connected, BRI0 
     5.0.0.0/32 is subnetted, 1 subnets 
C       5.5.5.5 is directly connected, Loopback8 
     6.0.0.0/32 is subnetted, 1 subnets 
i L1    6.6.6.6 [115/20] via 192.168.9.17, Serial1 

r6#show ip route 
     1.0.0.0/32 is subnetted, 1 subnets 
i L2    1.1.1.1 [115/60] via 192.168.9.18, Serial0 
     2.0.0.0/32 is subnetted, 1 subnets 
i L2    2.2.2.2 [115/60] via 192.168.9.18, Serial0 
     3.0.0.0/32 is subnetted, 1 subnets 
i L2    3.3.3.3 [115/60] via 192.168.9.18, Serial0 
     4.0.0.0/32 is subnetted, 1 subnets 
i L2    4.4.4.4 [115/60] via 192.168.9.18, Serial0 
     192.168.9.0/24 is variably subnetted, 9 subnets, 2 masks 
i L2    192.168.9.1/32 [115/60] via 192.168.9.18, Serial0 
i L2    192.168.9.0/30 [115/60] via 192.168.9.18, Serial0 
i L2    192.168.9.4/30 [115/60] via 192.168.9.18, Serial0 
i L2    192.168.9.6/32 [115/60] via 192.168.9.18, Serial0 
i L2    192.168.9.8/30 [115/60] via 192.168.9.18, Serial0 
i L2    192.168.9.10/32 [115/60] via 192.168.9.18, Serial0 
S       192.168.9.12/30 [1/0] via 192.168.9.22 
C       192.168.9.16/30 is directly connected, Serial0 
C       192.168.9.20/30 is directly connected, BRI0 
     5.0.0.0/32 is subnetted, 1 subnets 
i L1    5.5.5.5 [115/20] via 192.168.9.18, Serial0 
     6.0.0.0/32 is subnetted, 1 subnets 
C       6.6.6.6 is directly connected, Loopback9 


The issues with this Trouble Ticket were not so much IS-IS issues but mismatched encapsulation is 
and lower-level WAN interface targets. However, the debug isis adj-packets command quickly id 
encapsulation issues. Like OSPF, in IS-IS if you don't have neighbors that in turn means no routes 
Hence looking for neighbors is a good place to start your IS-IS troubleshooting. Use the following 
commands to assist with shooting other IS-IS troubles: 

• show ip protocols 
• show protocols 
• show ip route 
• clear isis * 
• log-adjacency-changes 
• show clns neighbors [detail] to verify the status of adjacencies 
• show clns interface to verify the configuration of the interface 
• show isis database to list the packets in the link-state database 
• show isis topology to list the system IDs of known IS-IS routers 
• show isis spf-log to display shortest path first events 
• debug isis adj-packets 
• debug isis update-packets 
• debug isis spf-events 


Common IS-IS issues include misconfiguration, mismatched Level 1/Level 2 interfaces, area 
misconfiguration, and duplicate system IDs. Always check your neighbors and your logs. If you hay 
turned on log-adjacency-changes remember to do a show logging to see the results. You may 
increase your logging buffer as well. 
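
Area misconfiguration and duplicate system IDs both come down to how the NET is split: the last byte is the NSEL, the six bytes before it are the system ID, and whatever remains is the area. The following Python example is added here and is not part of the book: it splits the NETs from Example 9-59 and predicts which adjacency type a pair of routers can form. The function names and the alternative r6 NETs in the demo are constructed for illustration; the level names are the values used for the IOS circuit type.

```python
# Added example: the NETs of r5 and r6 come from Example 9-59; every other
# NET used below is constructed to show a failure case.
L1_CAPABLE = {"level-1", "level-1-2"}
L2_CAPABLE = {"level-2-only", "level-1-2"}


def parse_net(net):
    """Split a dotted-hex NET into (area, system_id)."""
    try:
        raw = bytes.fromhex(net.replace(".", ""))
    except ValueError:
        raise ValueError(f"{net}: not a whole number of hex bytes") from None
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"{net}: a NET is 8 to 20 bytes, got {len(raw)}")
    if raw[-1] != 0:
        raise ValueError(f"{net}: the NSEL (last byte) must be 00 in a NET")
    sysid = raw[-7:-1].hex()
    return raw[:-7].hex(), ".".join(sysid[i:i + 4] for i in (0, 4, 8))


def adjacency_type(net_a, net_b, level_a="level-1-2", level_b="level-1-2"):
    """Return 'L1L2', 'L1', 'L2' or None for two directly connected routers."""
    area_a, sys_a = parse_net(net_a)
    area_b, sys_b = parse_net(net_b)
    if sys_a == sys_b:
        raise ValueError(f"duplicate system ID {sys_a}")
    # Level 1 needs the same area on both sides; level 2 ignores the area.
    l1 = area_a == area_b and level_a in L1_CAPABLE and level_b in L1_CAPABLE
    l2 = level_a in L2_CAPABLE and level_b in L2_CAPABLE
    return ("L1" if l1 else "") + ("L2" if l2 else "") or None


def report(routers):
    """routers: {name: (net, level)}. One result line per router pair."""
    names = sorted(routers)
    lines = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            try:
                kind = adjacency_type(routers[a][0], routers[b][0],
                                      routers[a][1], routers[b][1])
                lines.append(f"{a}-{b}: {kind or 'no adjacency'}")
            except ValueError as err:
                lines.append(f"{a}-{b}: error: {err}")
    return lines


if __name__ == "__main__":
    r5 = "49.0001.5555.5555.00"
    print(parse_net(r5))
    print(report({"r5": (r5, "level-1-2"),
                  "r6": ("49.0001.6666.6666.00", "level-1-2")}))
    # Constructed: r6 moved to area 47 and restricted to level 1
    print(report({"r5": (r5, "level-1-2"),
                  "r6": ("47.0001.6666.6666.00", "level-1")}))
```

For the NETs in Example 9-59 the area is 49 and the system IDs are 0001.5555.5555 and 0001.6666.6666, which is what show clns neighbors displays; changing the 0001 field changes the system ID, not the area.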


Now that IS-IS is working and you have full connectivity via the serial link between r5 and r6, mod 
ISDN configuration to use CHAP authentication as in Example 9-66. 


Example 9-66. Configuring CHAP Authentication 


r5(config)#interface bri0 
r5(config-if)#encap ppp 
r5(config-if)#ppp authentication chap 
r5(config-if)#username r6 pass donna 
r5(config)#end 

r6(config)#interface bri0 
r6(config-if)#encap ppp 
r6(config-if)#ppp authentication chap 
r6(config-if)#username r5 pass donna 
r6(config)#end 

r5#copy running-config startup-config 
r6#copy running-config startup-config 


Ping to verify that your new configuration is operational. Shut down or remove the serial cable bet 
and r6 to make sure that the ISDN connection is used. Alternatively, configure the ISDN connectior 
automatic backup to the serial link. If you want to look at the CHAP challenge again, issue the deb 
authentication command. 


Trouble Ticket 6 Solution 


Thus far you have worked with the ISDN D channel for call setup and signaling and the one B chan 
data traffic. Example 9-67 illustrates how to automatically bring up the second B channel if the loa 
first one is more than 10 percent. To see the effect, repeat the exercise with the load at five percer 
experience problems. 


Example 9-67. Configuring the dialer load-threshold 


r5#clear dialer 
r5#clear counters 
r5#configure terminal 
r5(config)#interface bri0 
r5(config-if)#dialer load-threshold 25 either 
r5(config-if)#end 
r5#copy running-config startup-config 

r6#clear dialer 
r6#clear counters 
r6(config)#interface bri0 
r6(config-if)#dialer load-threshold 25 either 
r6(config-if)#end 
r6#copy running-config startup-config 


Now that things are configured, test it as in Example 9-68. 


Example 9-68. Bringing Up the Second B Channel 


r5#ping 
Protocol [ip]: 
Target IP address: 6.6.6.6 
Repeat count [5]: 100 
Datagram size [100]: 1500 
Timeout in seconds [2]: 
Extended commands [n]: y 
Source address or interface: 
Type of service [0]: 
Set DF bit in IP header? [no]: 
Validate reply data? [no]: 
Data pattern [0xABCD]: 
Loose, Strict, Record, Timestamp, Verbose[none]: verbose 
Loose, Strict, Record, Timestamp, Verbose[V]: 
Sweep range of sizes [n]: y 
Sweep min size [36]: 
Sweep max size [18024]: 
Sweep interval [1]: 
Type escape sequence to abort. 
Sending 1798900, [36..18024]-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: 
Request 0 timed out (size 36) 
Reply to request 1 (20 ms) (size 37) 
Reply to request 26 (28 ms) (size 62) 
Dec 24 05:49:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, 
changed state to up 
Reply to request 27 (32 ms) (size 63) 
Reply to request 127 (52 ms) (size 163) 
Reply to request 128 (52 ms) (size 164) 
Dec 24 05:49:51: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 
8358661 r6 
Reply to request 425 (124 ms) (size 461) 
Dec 24 05:50:19: BR0 DDR: rotary group to 8358661 overloaded (27) 
Dec 24 05:50:19: BR0 DDR: Attempting to dial 8358661 
Dec 24 05:50:20: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up 
Dec 24 05:50:20: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 
8358661 r6 
Dec 24 05:50:20: BR0:2 DDR: dialer protocol up 
Dec 24 05:50:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, 
changed state to up 
Reply to request 434 (128 ms) (size 470) 
Reply to request 440 (128 ms) (size 476) 
Dec 24 05:50:21: BR0 DDR: rotary group to 8358661 underloaded (14), 
starting load activity timer 
Dec 24 05:50:26: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 
8358661 r6 


As you can see in Example 9-68, extended ping is a powerful traffic generator for getting the thresl 
level to bring up the second B channel. A ping sweep of 36 to 1500 bytes is a good initial test wher 
installing or troubleshooting devices. Over 1500 bytes doesn't buy you a whole lot, because the MT 
1500, but small sizes are good for latency issues. Sending 1500 bytes with a data pattern of all 1s 
is a good practical test, too. The Windows default is 32 bytes, but you can use the ping -l paramet 
adjust this on the PC. On the other hand, the very large ping size buys me a lot in this ticket. The 
are over 1500 bytes, so they must be fragmented, and I want to hurry up and get a load on the lin 
bring up the needed second B channel. 


I stopped the output instead of waiting for it to finish. Verify that the second B channel was truly b 
up as in Example 9-69. 


Example 9-69. Verifying the Second B Channel 


r5#show dialer 
Dial on demand events debugging is on 
BRI0 - dialer type = ISDN 
Dial String      Successes   Failures    Last called   Last status 
8358663                  0          0    never                   - 
8358661                  2          0    00:00:44       successful 
0 incoming call(s) have been screened. 
0 incoming call(s) rejected for callback. 
BRI0:1 - dialer type = ISDN 
Idle timer (55 secs), Fast idle timer (20 secs) 
Wait for carrier (30 secs), Re-enable (15 secs) 
Dialer state is data link layer up 
Dial reason: ip (s=192.168.9.22, d=6.6.6.6) 
Time until disconnect 10 secs 
Connected to 8358661 (r6) 
BRI0:2 - dialer type = ISDN 
Idle timer (55 secs), Fast idle timer (20 secs) 
Wait for carrier (30 secs), Re-enable (15 secs) 
Dialer state is data link layer up 
Dial reason: Dialing on overload 
Time until disconnect 51 secs 
Connected to 8358661 (r6) 

r5#show interface bri0 1 2 
BRI0:1 is up, line protocol is up 
  Hardware is BRI 
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255 
  Encapsulation PPP, loopback not set, keepalive set (10 sec) 
  Time to interface disconnect: idle 00:00:02 
  LCP Open 
  Open: IPCP, CDPCP 
  Last input 00:00:03, output 00:00:03, output hang never 
  Last clearing of "show interface" counters 00:02:19 
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0 
  Queueing strategy: weighted fair 
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
     Conversations 0/1/256 (active/max active/max total) 
     Reserved Conversations 0/0 (allocated/max allocated) 
  5 minute input rate 0 bits/sec, 0 packets/sec 
  5 minute output rate 0 bits/sec, 0 packets/sec 
     447 packets input, 105642 bytes, 0 no buffer 
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 
     447 packets output, 105642 bytes, 0 underruns 
     0 output errors, 0 collisions, 2 interface resets 
     0 output buffer failures, 0 output buffers swapped out 
     1 carrier transitions 
BRI0:2 is up, line protocol is up 
  Hardware is BRI 
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 27/255 
  Encapsulation PPP, loopback not set, keepalive set (10 sec) 
  Time to interface disconnect: idle 00:00:41 
  LCP Open 
  Open: IPCP, CDPCP 
  Last input 00:00:05, output 00:00:05, output hang never 
Dec 24 05:51:15: BR0:1 DDR: idle timeout 
Dec 24 05:51:15: BR0:1 DDR: disconnecting call 
Dec 24 05:51:15: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to 8358661 r6 
Dec 24 05:51:15: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 8358661 r 
lasted 89 seconds 

r5#copy running-config startup-config 


Both B channels were in fact up but are disconnecting due to the idle timeout. 


Because the load went up to about 27, the second B channel came up. 255/255 is 100-percent loac 
anything less than 255, you can divide the numerator by the denominator to get the load as a perc 
You set the dialer threshold to 25, which is about .10 times 255 or 25/255. 


Compare your final saved fixed configurations to the chapter 9 ending configs file. Update your 
documentation and fix anything that is broken. You have completed the chapter Trouble Tickets wr 
feel comfortable with the tasks assigned and the various scenarios throughout the chapter. Review 


experiment in the areas where you need more help. Understanding and troubleshooting in a lab is 
the basis for configuring devices in the real world. Check your understanding with the chapter revie 
questions. 


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following qt 
The answers are located in Appendix A, "Answers to Review Questions." 


1: Why do interface resets occur? 

2: True or false: The ISDN signaling protocol is LAPB for the D channel. 

3: The modem control leads on show interfaces s0 are quite helpful for troubleshooting. DC 
keeps changing state. What else on the interface statistics would you expect to be increasi 
Look at Example 9-13 if you need to see a display of the modem control leads. 

4: Your router has a native ISDN BRI port. Is this device a TE1 or TE2? 

5: What is the difference between Multilink PPP and dial backup? 

6: Use the first HDLC scenario as a guide. Can you spot the issue in the following output: 

r3# 
03:03:49: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for Serial0/ 
03:04:03: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for Serial0/ 
03:04:18: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for Serial0/ 
03:04:32: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for Serial0/ 

r5#show ip interface brief 
Interface IP-Address OK? Method Status Pro 
BRI0 unassigned YES unset administratively down dow 
BRI0:1 unassigned YES unset administratively down dow 
BRI0:2 unassigned YES unset administratively down dow 
Ethernet0 unassigned YES unset administratively down dow 
Loopback8 5.5.5.5 YES manual up up 
Serial0 192.168.9.18 YES manual up up 
Ser1a105.. 100 DT Ai 65 Bie YES manual deleted dow 
Serial1 unassigned YES unset administratively down dow 
03:04:01: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for Serial0 
03:04:15: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for Serial0 
03:04:29: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for Serial0 

7: Throughout the chapter you experienced multiple carrier transitions. What command is ve 
helpful in helping you figure out the issues with this problem? 

8: You have a high-speed Ethernet that is sending packets faster than the ISDN link can keer 
with. How can you improve performance? 

9: When are floating static routes appropriate? 

10: When using the backup interface method to back up a circuit, do you place the backup 
interface command under the primary or secondary interface? 

11: You are controlling the backup interface using the backup delay 10 60 command. What 
numbers 10 and 60 correspond to? 

12: Your ISDN phone bill is a lot more than you expected, but you have interesting traffic set 
appropriately with an access list. It seems that when you finish transferring your files over 
ISDN link, the link doesn't go down. It stays up until you manually bring it down. What dic 
forget? 

13: Including synchronization and framing, what is the total bandwidth for ISDN BRI? 

14: Can you use one 64 kbps B channel to handle backup for multiple T1s? 


Summary 


Take a divide-and-conquer layered approach to supporting the WAN. Determine whether the 
trouble is with you or the service provider. After verifying that interfaces and controllers are 
functioning properly, you can move on to Layer 3 and above. Extended ping and traceroute are 
wonderful tools to assist you with both connectivity and performance issues. Service time stamps 
are invaluable for understanding debug and log output. Clearing interface counters and statistics 
is important to start monitoring the data-link activity for a certain time period. 


This chapter covered HDLC, PPP, and ISDN WAN technologies. PPP has several advantages over 
HDLC but a little more troubleshooting to go with it. Authentication is the key target. In 
supporting ISDN, show isdn status is by far the most informative command. If there are 
issues, however, you may need to analyze the switch type, the dialer, q921, q931, and 
authentication issues. Refer to Figure 9-13 for a pictorial review of troubleshooting the WAN. 


Figure 9-13. WAN Troubleshooting Review 


[Figure 9-13: diagram of the WAN with an NT1, labeled with the commands sh isdn status, sh controllers s0, sh ip int brief, sh int s0, clear int s0, debug ppp authentication, debug ppp negotiation, debug isdn q931, debug isdn q921, clear counters, clear int bri0, sh int bri0 [1 2], and debug serial int.] 

This completes the individual topic troubleshooting chapters. The next chapter is meant as a 
comprehensive review. It is full of troubles for you to dissect. Leverage off of your skills, 
methods, experiences, and what you have learned throughout this book to complete the hands- 
on Trouble Tickets in Chapter 10, "Trouble Tickets: The Sum of All Fears." 


Part V: Comprehensive Troubleshooting Exercises


Chapter 10 Trouble Tickets: The Sum of All Fears


Chapter 10. Trouble Tickets: The Sum of All Fears


This final chapter offers you a practical comprehensive troubleshooting review. Part I of this
book covers protocol characteristics, methodology, and tools. Part II focuses on supporting the
IP and IPX protocols as well as some other interesting topics such as upgrades and password
recovery. The focus of Part III is Ethernet, switching, and VLANs. Part IV is about supporting the
WAN. I take a slightly different approach in this chapter. In this part, I present you with a new
physical scenario and several Trouble Tickets. You first need to discover the topology and get a
good baseline. Then you work through the Trouble Tickets on your own one-by-one to spot and
fix any issues.


This chapter covers the following topics: 


• Scenario: Shooting Trouble Review
• Trouble Ticket 1 Discovery Lab
• Trouble Ticket 2 Documentation Lab
• Trouble Ticket 3 OSPF Lab
• Trouble Ticket 4 RIP/OSPF/EIGRP Redistribution Lab
• Trouble Ticket 5 Frame Relay/ISDN Backup Lab
• Trouble Ticket 6 VLAN and Spanning Tree Lab


Supporting Website Files 


You can find files and links to utilities that support this book on the Cisco Press 
website at www.ciscopress.com/1587200570. Even if you do not have a lab, you can 
take advantage of the supporting configuration files including the logs to understand 
device input and output. The files are listed throughout the chapters in italics. 


In order to be able to read and work with some of the supporting files offered at
www.ciscopress.com/1587200570, you may want to download some of the programs
listed in Table I-1 in the Introduction.


Scenario: Shooting Trouble Review 


In addition to the terminal server, six routers, three switches, and three PCs you have been
working with throughout the book, you need another router with a minimum of two serial
interfaces to complete the Trouble Tickets in this chapter. It doesn't need to do much more than
act as a Frame Relay switch for two other routers. I also have a Microsoft box, a Novell box, and
an 804 router on the backbone. The 804 is primarily used as a ping target and could be used as
a TFTP server or a route generator. However, it is not required because you can certainly use
your Microsoft box for this purpose. The Novell server is optional as well.

As always, there is not just one right or wrong way to accomplish the tasks presented. The
ability to obtain the end result using good practices is extremely important in any real-world
network. At a minimum you should "spot the issues" that are printed in the Trouble Ticket
solutions sections following each Trouble Ticket. Think methodically. Put your tools to practice.
Use the knowledge gained from the previous chapters, your own troubleshooting experiences,
and a step-by-step approach to quickly get a grip on the troubles before they get a grip on you.
Compare your work against the supporting files. The files required for this chapter include the
following:

• tt1 layer 2 configuration
• tt1 layer 3 configuration
• tt1 layer 3 testing
• tt1 final configs
• tt2 testing
• tt2 syslog
• tt2 copying configs to the tftp server
• tt3 troubled configs
• tt3 testing
• tt3 fixed configs
• tt4 troubled configs
• tt4 fixed configs
• tt4 copying configs to the tftp server
• tt5 troubled configs
• tt5 fixed configs
• tt6 troubled configs
• tt6 new hosts file
• tt6 fixed configs


NOTE 


If you paste in my files instead of configuring everything yourself, remember to modify
my supporting troubled files for your lab environment. For example, the first serial
interface on my duck router is s0, whereas yours may be s0/0. My backbone is
connected via e0; yours may be fa0/0.


Trouble Ticket 1 Discovery Lab 


Ideally, you should use Figure 10-1 as a physical starting point, discover the network on your own,
update your drawing accordingly. To make this a true discovery lab, you should have someone else
cabling and load the preconfigured files for you. They are in the file called tt1 layer 2 configuration.
Alternatively, erase all the configurations yourself, power the devices down, and wire the new scenario
in Figure 10-2. Then you can paste in the configurations from the file provided (or configure, if you


Figure 10-1. Chapter 10 Discovery

Figure 10-2. Lower-Layer Discovery/Configuration

Have the person setting up the lab use Figure 10-2 as a guide to build and configure Layer 1 and L
If you are discovering everything for yourself, I expect you to draw a diagram similar to Figure 10-
than just look at mine.


NOTE 


Give yourself the benefit of breaking and fixing things. Do not just paste in my troubled files, and
then turn around and paste in my fixed files. Instead, use my troubled files to break things. Use
the methodology, tools, and resources covered throughout the book and in your practical
experiences to "spot the issues" and then fix them.


After you have discovered (or configured) and tested the lower layers, use Figure 10-3 to configure
addressing, hosts files, and routing protocols. Alternatively, paste the configurations in from the tt1
configuration file. In this Trouble Ticket, configure anything that is missing on your devices to ensu
to-end connectivity as in Figure 10-2. Don't forget to configure your hosts.


Figure 10-3. Upper-Layer Discovery/Configuration

Test and fix any minor issues and move directly into the documentation lab. Compare your final
configurations to the output in the "Trouble Ticket 10-1 Discovery Lab Solution" section and the tt1
testing and tt1 final configs files.


NOTE 


More so than the other chapters, you must thoroughly review the figures, examples, and
configuration files provided to gain practical experience from this chapter. Even if you don't have
the equipment handy, you can walk through the chapter and supporting documentation as if you
did. If you think you are just at that comfortable level, do the labs anyway! You may still learn
something.


Make sure you have a working configuration and take time to update your documents and tables to
with troubleshooting later. No access lists or filters are in place at the present time, and all passwo
are configured should be broadcreek. Simple ping and trace tests via your hosts tables are sufficier
point.


Trouble Ticket 1 Discovery Lab Solution 


At a minimum you should have discovered the topology like that in Figure 10-2 and 10-3. In a practical
environment, you should use a program that automatically discovers the devices and keeps track of
changes for you, too. I am thinking of network management programs such as CiscoWorks, HP Ops
Cisco Info Center (CIC), Visio 2000, and so on.


The device names are not just r1, r2, r3, and so on. Instead, I wanted to remind you to take the nz
devices a little more seriously in a practical environment. Having a plan for naming and addressing
important and makes it easier for you to spot things that are out of the ordinary. After working thr:
solution, use Trouble Ticket 2 as a reminder that you need to document your new topology.

Remember that the troubleshooting targets at the lower layers are interfaces and controllers. I assume
that in your baseline you verified and documented items such as model number, serial number, RA
memory, IOS version, configuration register settings, bandwidth/speed, clocking, encapsulation, d!
descriptions, addresses, passwords, spanning-tree portfast, VLANs, and the like. Other things that
valuable to document in practical application include the detailed location of equipment down to the
closet, rack, and position.

The shaded output in Examples 10-1 through 10-3 are the types of things you should have discove
recorded on your drawing or table for the Layer 2 baseline. To support Cisco you need to adjust thr
commands slightly according to the CatOS or IOS command sets. Example 10-1 illustrates the type
things to look for on your routers. Much of my output has been omitted from the printed text but is
included in the sample files. However, you should include everything in your baseline. For the ISD?
Frame Relay devices, refer back to those chapters for information about commands such as show °
map, show frame lmi, show isdn status, and so on. I concentrate more on them in Trouble Tick


Example 10-1. Building a Layer 2 Baseline for the Routers 


duck>show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)
Copyright 1986-2002 by cisco Systems, Inc.
Compiled Sat 02-Feb-02 02:08 by nmasa
Image text-base: 0x030520E0, data-base: 0x00001000
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWAR
duck uptime is 7 hours, 34 minutes
System restarted by power-on
System image file is "flash:c2500-js-l.120-21a.bin"
cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory.
Processor board ID 03074719, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102

duck>show flash
System flash directory:
File  Length   Name/status
  1   10253564 c2500-js-l.120-21a.bin
[10253628 bytes used, 6523588 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)

duck>show interfaces
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705)
  Description: duck to chesapeakebay backbone
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:13, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1060 packets input, 119692 bytes, 0 no buffer
     Received 1060 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 input packets with dribble condition detected
     2098 packets output, 194947 bytes, 0 underruns
     0 output errors, 0 collisions, 15 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Ethernet1 is administratively down, line protocol is down
  Hardware is Lance, address is 0000.0c8d.6706 (bia 0000.0c8d.6706)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 252/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
Serial0 is up, line protocol is up
  Hardware is HD64570
  Description: duck to goose
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
Serial1 is up, line protocol is up
  Hardware is HD64570
  Description: duck to swan
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:02, output 00:00:09, output hang never
  Last clearing of "show interface" counters never
!!!check your interfaces if they do not match the output
!!!problems mean physical or data link issues at this point
!!!fix any controller or interface issues on all devices before you continue

duck>enable
Password:
duck#clear counters
Clear "show interface" counters on all interfaces [confirm]
duck#show ip interface brief
Interface   IP-Address   OK?  Method  Status                 Protocol
Ethernet0   unassigned   YES  unset   up                     up
Ethernet1   unassigned   YES  unset   administratively down  down
Serial0     unassigned   YES  unset   up                     up
Serial1     unassigned   YES  unset   up                     up

duck#show cdp neighbor detail
Device ID: swan
Entry address(es):
Platform: cisco 2520, Capabilities: Router
Interface: Serial1, Port ID (outgoing port): Serial1
Holdtime : 173 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(9), RELEASE SOFTWARE (fc1)
Copyright 1986-2000 by cisco Systems, Inc.
Compiled Mon 24-Jan-00 22:30 by bettyl

Device ID: 005352782 (chesapeakebay)
Entry address(es):
  IP address: 10.10.10.45
Platform: WS-C2900, Capabilities: Trans-Bridge Switch
Interface: Ethernet0, Port ID (outgoing port): 2/12
Holdtime : 170 sec
Version :
WS-C2900 Software, Version McpSW: 4.4(1) NmpSW: 4.4(1)
Copyright 1995-1999 by Cisco Systems

Device ID: goose
Entry address(es):
Platform: cisco 3640, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0/0
Holdtime : 176 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1)
Copyright 1986-2000 by cisco Systems, Inc.
Compiled Tue 05-Sep-00 21:39 by linda

duck#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID              Local Intrfce  Holdtme  Capability  Platform  Port ID
swan                   Ser 1          165      R           2520      Ser 1
005352782 (chesapeake  Eth 0          163      T S         WS-C2900  2/12
goose                  Ser 0          171      R           3640      Ser 0/0


If your output differs from that in Example 10-1, go back and examine the Physical and Data Link | 
For example, check link lights, controllers and clock, speed and duplex, encapsulation mismatches, 
interface issues, cables, and so on. Example 10-2 illustrates what to look for on your CatOS-based 
to assist with building your Layer 1 and Layer 2 baseline. 


Example 10-2. Building a Layer 2 Baseline for the CatOS Switches 


chesapeakebay>show version
WS-C2900 Software, Version McpSW: 4.4(1) NmpSW: 4.4(1)
Copyright 1995-1999 by Cisco Systems
NMP S/W compiled on Jan 6 1999, 18:05:22
MCP S/W compiled on Jan 06 1999, 17:50:33
System Bootstrap Version: 2.2(2)
Hardware Version: 2.3 Model: WS-C2900 Serial #: 005352782

Mod  Port  Model     Serial #   Versions
1    2     WS-X2900  005352782  Hw : 2.3
                                Fw : 2.2(2)
                                Fw1: 2.2(1)
                                Sw : 4.4(1)
2    2     WS-X2901  008675483  Hw : 1.4
                                Sw : 4.4(1)

        DRAM                     FLASH                  NVRAM
Module  Total   Used   Free      Total  Used   Free     Total  Used  Free
1       20480K  9972K  10508K    4096K  3584K  512K     256K   112K  144K

Uptime is 0 day, 7 hours, 37 minutes

chesapeakebay>show interface
sl0: flags=51<UP,POINTOPOINT,RUNNING>
        slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63<UP,BROADCAST,RUNNING>
        vlan 1 inet 10.10.10.45 netmask 255.255.255.0 broadcast 10.10.10.255

chesapeakebay>show port
Port  Name      Status      Vlan  Level   Duplex  Speed  Type
1/1             notconnect  1     normal  half    100    100BaseTX
1/2             notconnect  1     normal  half    100    100BaseTX
2/1             notconnect  1     normal  auto    auto   10/100BaseTX
2/10            connected   1     normal  a-half  a-10   10/100BaseTX
2/11  to heron  connected   1     normal  a-half  a-10   10/100BaseTX
2/12  to duck   connected   1     normal  a-half  a-10   10/100BaseTX

chesapeakebay>enable
Enter password:
chesapeakebay> (enable)set port name 2/10 to hub
Port 2/10 name set.

chesapeakebay> (enable)show port capabilities
Model                  WS-X2900
Port                   1/1
Type                   100BaseTX
Speed                  100
Duplex                 half,full
Trunk encap type       ISL
Trunk mode             on,off,desirable,auto,nonegotiate
Channel                no
Broadcast suppression  no
Flow control           no
Security               yes
Membership             static,dynamic
Fast start             yes
Rewrite                no

Model                  WS-X2901
Port                   2/10
Type                   10/100BaseTX
Speed                  auto,10,100
Duplex                 half,full
Trunk encap type       ISL
Trunk mode             on,off,desirable,auto,nonegotiate
Channel                no
Broadcast suppression  pps (0-150000)
Flow control           no
Security               yes
Membership             static,dynamic
Fast start             yes
Rewrite                no

chesapeakebay> (enable) show cdp neighbor detail
Device-ID: 804
Device Addresses:
  IP Address: 10.10.10.40
Holdtime: 152 sec
Capabilities: ROUTER
Version:
  Cisco Internetwork Operating System Software
  IOS (tm) C800 Software (C800-G3-MW), Version 12.0(1)XB1, RELEASE SOFTWARE (fc1)
  TAC:Home:SW:IOS:Specials for info
  Copyright 1986-1998 by cisco Systems, Inc.
Platform: Cisco C804
Port-ID (Port on Device): Ethernet0
Port (Our Port): 2/10

Device-ID: duck
Device Addresses:
Holdtime: 153 sec
Capabilities: ROUTER
Version:
  Cisco Internetwork Operating System Software
  IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)
  Copyright 1986-2002 by cisco Systems, Inc.
Platform: cisco 2500
Port-ID (Port on Device): Ethernet0
Port (Our Port): 2/12

Device-ID: heron
Device Addresses:
Holdtime: 124 sec
Capabilities: ROUTER
Version:
  Cisco Internetwork Operating System Software
  IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(21a), RELEASE SOFTWARE (fc1)
  Copyright 1986-2002 by cisco Systems, Inc.
Platform: cisco 2500
Port-ID (Port on Device): Ethernet0
Port (Our Port): 2/11

chesapeakebay> (enable) show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Port  Device-ID  Port-ID    Platform    Capability
2/10  804        Ethernet0  Cisco C804  R
2/11  duck       Ethernet0  cisco 2500  R
2/12  heron      Ethernet0  cisco 2500  R

chesapeakebay> (enable) show cam dynamic
* = Static Entry. + = Permanent Entry. # = System Entry.
R = Router Entry. X = Port Security Entry
VLAN  Dest MAC/Route Des  Destination Ports or VCs / [Protocol Type]
1     00-00-0c-38-a0-5d   2/11 [ALL]
1     00-00-0c-8d-67-05   2/12 [ALL]
1     00-50-73-07-d0-76   2/10 [ALL]
Total Matching CAM Entries Displayed = 3


NOTE 


Some differences exist between the CatOS and Cisco IOS. Refer back to Chapter 6, "Shooting
Trouble with CatOS and IOS," and Chapter 7, "Shooting Trouble with VLANs on Routers and
Switches," for a quick review.


Example 10-2 illustrates some commands to get you started on baselining the 2900 CatOS-based switch.
Example 10-3 does the same for kentnarrows, your IOS-based switch. However, the IOS command
very similar to the router, so most of them are not repeated here. Interfaces, modules, trunks, por
Address Resolution Protocol (ARP) tables, switch tables, caching, memory and CPU statistics, Hot Standby
Router Protocol (HSRP), utilization, VLANs, and so on are good data to capture for future comparison.


Example 10-3. Building a Layer 2 Baseline for the IOS Switches


kentnarrows#show mac-address-table 


Dynamic Address Count: al 
Secure Address (User-defined) Count: 0 
Static Address (User-defined) Count: 0 
System Self Address Count: Sif 
Total MAC addresses: 38 
Maximum MAC addresses: 8192 


Non-static Address Table: 


Destination Address Address Type VLAN Destination Port 


00b0.6481.e300 Dynamic 1 FastEthernet0/12 


NOTE 


Improvements are always being made. If you are used to typing show mac for short, be aware
that this doesn't work in the most current Catalyst IOS. show mac is now treated as an
incomplete command. One must enter show mac address (note, no hyphen).


The main point I wanted to make with reiterating the output of commands you should already be familiar
with is for you not to rely only on show running-config or show config. Go back and review all the
checklists and ending reviews in each and every chapter for assistance with the individual commands.
The show running-config and show startup-config/show config commands are great to get a
on how things are configured and what you need to type in for configuration purposes. They are also
helpful to give you a starting point for copying and pasting to speed up configuring multiple devices.
However, the object of mastering the troubleshooting game is that you really need to know how to
interpret the output of various other commands, not just show running-config.


Paste in the configurations from tt1 layer 3 configuration or configure the Layer 3 data as in Figure
My Layer 3 and above baseline starts in Example 10-4. Verify yours now.


Example 10-4. Building a Layer 3 and Above Baseline from the duck Router


duck#ping goose
Sending 5, 100-byte ICMP Echos to 172.16.1.9, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
duck#ping swan
Sending 5, 100-byte ICMP Echos to 172.16.3.9, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
duck#ping kentnarrows
Sending 5, 100-byte ICMP Echos to 172.16.1.45, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/20 ms
duck#ping chesapeakebay
Sending 5, 100-byte ICMP Echos to 10.10.10.45, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
duck#ping knappsnarrows
Sending 5, 100-byte ICMP Echos to 172.16.2.45, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/8/12 ms
duck#trace knappsnarrows
Tracing the route to knappsnarrows (172.16.2.45)
  1 heron (10.10.10.2) 4 msec 4 msec 4 msec
  2 osprey (172.16.2.18) 4 msec 4 msec 4 msec
  3 knappsnarrows (172.16.2.45) 8 msec 4 msec 8 msec
duck#trace kentnarrows
Tracing the route to kentnarrows (172.16.1.45)
  1 goose (172.16.1.9) 8 msec 8 msec 8 msec
  2 kentnarrows (172.16.1.45) 8 msec * 8 msec

duck#show arp
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  10.10.10.2   13         0000.0c38.a05d  ARPA  Ethernet0
Internet  10.10.10.1   -          0000.0c8d.6705  ARPA  Ethernet0
Internet  10.10.10.40  1          0050.7307.d076  ARPA  Ethernet0
Internet  10.10.10.45  10         0010.ffe5.17ff  ARPA  Ethernet0


Example 10-4 displays the successful results of ping and trace output from the duck router, which I
as a starting point. It is not good to assume that this type of testing works from the other devices;
therefore, you should repeat Example 10-4 from every device for your baseline. You may have started
from hosta and worked your way around to hostb; that is an appropriate method of testing and baselining
as well.
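
The ARP table in Example 10-4 and the CAM table in Example 10-2 describe the same backbone hosts in two different MAC notations. The following added example (not from the book) normalizes both and maps each IP address to its switch port, which also exposes any MAC the switch has learned that the router cannot account for; the sample input is constructed from those two examples and the function names are assumptions.

```python
import re

# Sample input constructed from Example 10-4 (duck, IOS "show arp") and
# Example 10-2 (chesapeakebay, CatOS "show cam dynamic").
SHOW_ARP = """\
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  10.10.10.2   13         0000.0c38.a05d  ARPA  Ethernet0
Internet  10.10.10.1   -          0000.0c8d.6705  ARPA  Ethernet0
Internet  10.10.10.40  1          0050.7307.d076  ARPA  Ethernet0
Internet  10.10.10.45  10         0010.ffe5.17ff  ARPA  Ethernet0
"""
SHOW_CAM = """\
VLAN  Dest MAC/Route Des  Destination Ports or VCs / [Protocol Type]
1     00-00-0c-38-a0-5d   2/11 [ALL]
1     00-00-0c-8d-67-05   2/12 [ALL]
1     00-50-73-07-d0-76   2/10 [ALL]
"""


def norm_mac(mac):
    """Reduce any MAC notation (0000.0c8d.6705, 00-00-0c-8d-67-05) to 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_arp(text):
    """IOS 'show arp' -> {mac: (ip, age)}. An age of '-' marks the router's own interface."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*Internet\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f.]{14})\s", line)
        if m:
            table[norm_mac(m.group(3))] = (m.group(1), m.group(2))
    return table


def parse_cam(text):
    """CatOS 'show cam dynamic' -> {mac: port}."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\d+/\d+)", line)
        if m:
            table[norm_mac(m.group(1))] = m.group(2)
    return table


def correlate(arp, cam):
    """Return (rows, unknown): one row per ARP entry, plus CAM MACs with no ARP entry."""
    def ip_key(item):
        return tuple(int(octet) for octet in item[1][0].split("."))

    rows = []
    for mac, (ip, age) in sorted(arp.items(), key=ip_key):
        origin = "local interface" if age == "-" else "learned"
        # port is None when the switch has no dynamic entry, e.g. its own sc0 address
        rows.append((ip, mac, cam.get(mac), origin))
    unknown = sorted(set(cam) - set(arp))
    return rows, unknown


if __name__ == "__main__":
    rows, unknown = correlate(parse_arp(SHOW_ARP), parse_cam(SHOW_CAM))
    for ip, mac, port, origin in rows:
        print(f"{ip:<12} {mac}  port={port or 'none'}  {origin}")
    print("MACs on the switch with no ARP entry:", unknown or "none")
```

The 10.10.10.45 row has no port because it is the switch's own sc0 address, so it never appears as a dynamic CAM entry.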


Do not continue until you can ping every device, as in Example 10-4. Check your Physical Layer and
interfaces if you run into any problems.


Example 10-5 displays the interfaces on the duck router. This time not only can you check the line
protocol status but also the IP addresses. To display the masks or see other statistics, you need to
the individual interfaces, routing tables, and show protocols command output.


Example 10-5. Building a Layer 3 and Above Baseline from the duck Router (Interfaces)


duck#show ip interface brief
Interface   IP-Address   OK?  Method  Status                 Protocol
Ethernet0   10.10.10.1   YES  manual  up                     up
Ethernet1   unassigned   YES  unset   administratively down  down
Loopback10  172.16.1.1   YES  manual  up                     up
Serial0     172.16.1.10  YES  manual  up                     up
Serial1     172.16.1.17  YES  manual  up                     up
duck#show interfaces e0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705)
  Description: duck to chesapeakebay backbone
  Internet address is 10.10.10.1/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
duck#show interfaces s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Description: duck to goose
  Internet address is 172.16.1.10/29
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
duck#show interfaces s1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Description: duck to swan
  Internet address is 172.16.1.17/29
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
duck#show protocols
Global values:
  Internet Protocol routing is enabled
Ethernet0 is up, line protocol is up
  Internet address is 10.10.10.1/24
Ethernet1 is administratively down, line protocol is down
Loopback10 is up, line protocol is up
  Internet address is 172.16.1.1/30
Serial0 is up, line protocol is up
  Internet address is 172.16.1.10/29
Serial1 is up, line protocol is up
  Internet address is 172.16.1.17/29


Note the preceding show protocols output. It is quite helpful, because it very quickly shows you whether
the routing process is on or off. This command also gives you the line and protocol status, as well as
address and mask, all in an easy-to-read format. Example 10-6 illustrates the IP protocols and routing
tables on duck.


Example 10-6. Building a Layer 3 and Above Baseline from the duck Router (Protocols)


duck#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 12 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface   Send  Recv  Key-chain
    Ethernet0   2     2
    Loopback10  2     2
    Serial0     2     2
    Serial1     2     2
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway      Distance  Last Update
    10.10.10.2   120       00:00:14
    172.16.1.18  120       00:00:18
    172.16.1.9   120       00:00:19
  Distance: (default is 120)

duck#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 11 subnets, 2 masks
R       172.16.1.40/29 [120/1] via 172.16.1.9, 00:00:24, Serial0
R       172.16.2.40/29 [120/2] via 10.10.10.2, 00:00:20, Ethernet0
R       172.16.1.32/29 [120/1] via 172.16.1.9, 00:00:24, Serial0
                       [120/1] via 172.16.1.18, 00:00:24, Serial1
R       172.16.1.24/29 [120/1] via 172.16.1.9, 00:00:24, Serial0
                       [120/1] via 172.16.1.18, 00:00:24, Serial1
C       172.16.1.16/29 is directly connected, Serial1
R       172.16.2.16/29 [120/1] via 10.10.10.2, 00:00:20, Ethernet0
C       172.16.1.8/29 is directly connected, Serial0
R       172.16.2.8/29 [120/1] via 10.10.10.2, 00:00:21, Ethernet0
R       172.16.3.8/29 [120/1] via 172.16.1.18, 00:00:24, Serial1
C       172.16.1.0/30 is directly connected, Loopback10
R       172.16.2.0/30 [120/1] via 10.10.10.2, 00:00:21, Ethernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R       10.0.0.0/8 [120/7] via 172.16.1.18, 00:00:04, Serial1
                   [120/7] via 10.10.10.2, 00:00:26, Ethernet0
C       10.10.10.0/24 is directly connected, Ethernet0


The preceding routing table shows 11 subnets for 172.16.0.0, but there should be 12. I have identified
172.16.3.16 to be the missing route, which is the ISDN network in Figure 10-3. I brought my inter
and then had 12 routes. It is not important that ISDN is operational in this ticket, as long as your Frame
Relay link is up and running. If the 172.16.3.8 network is in your routing table, it is.
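
Counting subnets by eye is how the missing 172.16.3.16 route was spotted above; the following added example (not from the book) does the same check mechanically by parsing show ip route text and comparing it with a documented list of expected prefixes. The sample input is constructed from Example 10-6, the function names are hypothetical, and the /29 mask on 172.16.3.16 is an assumption because the text gives the network but not its mask; the parser also handles the uniform-mask form of the table, which goes beyond the case shown here.

```python
import ipaddress
import re

# Sample input constructed from the Example 10-6 routing table on duck.
SHOW_IP_ROUTE = """\
     172.16.0.0/16 is variably subnetted, 11 subnets, 2 masks
R       172.16.1.40/29 [120/1] via 172.16.1.9, 00:00:24, Serial0
R       172.16.2.40/29 [120/2] via 10.10.10.2, 00:00:20, Ethernet0
R       172.16.1.32/29 [120/1] via 172.16.1.9, 00:00:24, Serial0
                       [120/1] via 172.16.1.18, 00:00:24, Serial1
R       172.16.1.24/29 [120/1] via 172.16.1.9, 00:00:24, Serial0
                       [120/1] via 172.16.1.18, 00:00:24, Serial1
C       172.16.1.16/29 is directly connected, Serial1
R       172.16.2.16/29 [120/1] via 10.10.10.2, 00:00:20, Ethernet0
C       172.16.1.8/29 is directly connected, Serial0
R       172.16.2.8/29 [120/1] via 10.10.10.2, 00:00:21, Ethernet0
R       172.16.3.8/29 [120/1] via 172.16.1.18, 00:00:24, Serial1
C       172.16.1.0/30 is directly connected, Loopback10
R       172.16.2.0/30 [120/1] via 10.10.10.2, 00:00:21, Ethernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R       10.0.0.0/8 [120/7] via 172.16.1.18, 00:00:04, Serial1
                   [120/7] via 10.10.10.2, 00:00:26, Ethernet0
C       10.10.10.0/24 is directly connected, Ethernet0
"""

# Documented baseline. The /29 on the ISDN subnet 172.16.3.16 is an assumption.
BASELINE = [
    "172.16.1.0/30", "172.16.1.8/29", "172.16.1.16/29", "172.16.1.24/29",
    "172.16.1.32/29", "172.16.1.40/29", "172.16.2.0/30", "172.16.2.8/29",
    "172.16.2.16/29", "172.16.2.40/29", "172.16.3.8/29", "172.16.3.16/29",
    "10.0.0.0/8", "10.10.10.0/24",
]

HEADER = re.compile(r"^\s+(\d+(?:\.\d+){3})/(\d+) is (variably )?subnetted, (\d+) subnets")
ROUTE = re.compile(r"^([A-Za-z*][A-Za-z0-9* ]{0,4}?)\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s+(.*)$")
NEXT_HOP = re.compile(r"via (\d+(?:\.\d+){3})|directly connected, (\S+)")


def parse_routes(text):
    """Return (routes, declared): prefix -> code/next hops, major net -> stated subnet count."""
    routes, declared = {}, {}
    inherited = None   # mask length taken from an "is subnetted" header
    current = None     # prefix that indented continuation lines belong to
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            addr, length, variably, count = header.groups()
            declared[addr] = int(count)
            inherited = None if variably else int(length)
            current = None
            continue
        route = ROUTE.match(line)
        if route:
            code, addr, length, rest = route.groups()
            length = int(length) if length else inherited
            if length is None:
                continue
            current = ipaddress.ip_network(f"{addr}/{length}")
            routes[current] = {"code": code.strip(), "via": []}
        elif current is not None and line[:1].isspace():
            rest = line   # second equal-cost path for the previous prefix
        else:
            continue
        hop = NEXT_HOP.search(rest)
        if hop:
            routes[current]["via"].append(hop.group(1) or hop.group(2))
    return routes, declared


def classful_major(net):
    """Classful major network address that IOS groups a subnet under."""
    first = int(str(net.network_address).split(".")[0])
    length = 8 if first < 128 else 16 if first < 192 else 24
    major = ipaddress.ip_network(f"{net.network_address}/{length}", strict=False)
    return str(major.network_address)


def audit(text, baseline):
    """Compare a routing table with the baseline and with its own subnet counts."""
    routes, declared = parse_routes(text)
    expected = {ipaddress.ip_network(p) for p in baseline}
    counts = {}
    for net in routes:
        counts[classful_major(net)] = counts.get(classful_major(net), 0) + 1
    return {
        "missing": sorted(expected - set(routes)),
        "unexpected": sorted(set(routes) - expected),
        "count_mismatch": {m: (n, counts.get(m, 0))
                           for m, n in declared.items() if counts.get(m, 0) != n},
    }


if __name__ == "__main__":
    report = audit(SHOW_IP_ROUTE, BASELINE)
    print("missing:   ", [str(n) for n in report["missing"]])
    print("unexpected:", [str(n) for n in report["unexpected"]])
    print("header/parsed count mismatches:", report["count_mismatch"])
```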


Example 10-7 displays the hosts table that is on duck and the other devices for ease of ping, trace,
telnet operations.


Example 10-7. Building a Layer 3 and Above Baseline from the duck Router (hosts table)


duck#show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Host           Flags       Age  Type  Address(es)
duck           (perm, OK)  8    IP
heron          (perm, OK)  0    IP
goose          (perm, OK)  0    IP
osprey         (perm, OK)  0    IP
crab           (perm, OK)  8    IP
swan           (perm, OK)  0    IP
chesapeakebay  (perm, OK)  0    IP
kentnarrows    (perm, OK)  0    IP
knappsnarrows  (perm, OK)  0    IP
pingme         (perm, OK)  8    IP
gwise          (perm, OK)  8    IP

Host           Flags       Age  Type  Address(es)
novell         (perm, OK)  8    IP
etowerdh       (perm, OK)  8    IP
win98          (perm, OK)  8    IP
hosta          (perm, OK)  8    IP
hostc          (perm, OK)  8    IP
hostb          (perm, OK)  8    IP
cat2900        (perm, OK)  8    IP
cat3512        (perm, OK)  8    IP
cat1900        (perm, OK)  8    IP    172.16.2.45

[Address(es) column for the other hosts is not recoverable from the source text]


Example 10-8 goes on to test things from the heron router's perspective. 


Example 10-8. Building a Layer 3 and Above Baseline from the heron Router


heron#trace kentnarrows
Tracing the route to kentnarrows (172.16.1.45)
  1 duck (10.10.10.1) 208 msec 124 msec 56 msec
  2 goose (172.16.1.9) 12 msec 12 msec 8 msec
  3 kentnarrows (172.16.1.45) 12 msec * 8 msec
heron#trace knappsnarrows
Tracing the route to knappsnarrows (172.16.2.45)
  1 osprey (172.16.2.18) 0 msec 4 msec 0 msec
  2 knappsnarrows (172.16.2.45) 12 msec 4 msec 8 msec

heron#show ip interface brief
Interface   IP-Address    OK?  Method  Status  Protocol
Ethernet0   10.10.10.2    YES  manual  up      up
Loopback10  VIZE VO. 242  YES  manual  up      up
Serial0     PTZ S LO 29   YES  manual  up      up
Serial1     ITZ. 166247   YES  manual  up      up

Continue to baseline the other devices in the Trouble Ticket. Compare your ending configurations t
final configs file. If you want to see more of my testing, refer to the tt1 layer 3 testing file.


Note that I separated discovering Layer 1 and Layer 2 from Layer 3 in this Trouble Ticket. I wanted
more emphasize a layered approach to discovery, configuration, and troubleshooting. It is helpful to
understand whether you have a Layer 2 or Layer 1 issue causing the problem or if in fact it is some
Layer 3 or above.


NOTE


The ping command is a quick test to help you decide whether you have connectivity or data-link
issues when you can't physically access equipment; it is a quick test of Layer 3 and below. The
Cisco and UNIX traceroute command tests up through Layer 4 via User Datagram Protocol
(UDP) packets, whereas Microsoft tracert command tests through Layer 3 with Internet Control
Message Protocol (ICMP) echos.


If you need more practice after completing the discovery lab, feel free to turn this Trouble Ticket in
configuration lab or vice versa. Actually, I highly recommend it. Practice makes perfect. You can er
configurations on all devices and configure them from scratch as in Figure 10-3.


Trouble Ticket 2 Documentation Lab 


Baselining and documentation are very important prerequisites to supporting and continuing to 
support networks. Add any additional notes to your drawings and tables and take time to redraw 
them if necessary. Often colored pens/pencils enable you to highlight different encapsulations, 
protocols, addresses, settings, and such. 


Logging and time stamps are extremely helpful for documentation purposes. Tools such as 
Network Time Protocol (NTP), syslog, TFTP, FTP, and Simple Network Management Protocol 
(SNMP) are quite valuable when it comes to supporting internetworks. Put some of these tools to 
practical use as you perform the following tasks: 


• Set up the duck router as the master timekeeper and have the other devices get their time 
  from duck. 
• Configure the devices so that they display log and debug output with a time and date 
  stamp in milliseconds. 
• Set up a syslog server such as the free 3CDaemon on hosta and configure the other devices 
  to send their informational logs to the syslog server. 
• Increase the size of your logging buffers. 
• Perform a show tech-support and other baseline commands on your routers. 
• Save all configurations. Send them to a TFTP/FTP server of your choice. This could be part 
  of the 3CDaemon that is running on hosta. Alternatively, you can set up one of your routers 
  as a TFTP server. 
• Make sure you know where to locate specific data on Cisco's website to properly support all 
  of your devices. Go back and review Chapter 2, "What's in Your Tool Bag?" for more 
  specifics. For now, research the differences between a manual memory dump and an 
  exception dump. Manually generate a memory dump from the duck router to the existing 
  TFTP server. 
• Don't forget about your hosts and servers. Make sure you know Layer 2 and Layer 3 
  addresses, gateways, routes, frame types, protocols, and so on. Refer back to the previous 
  chapters to assist you with this. Add this information to your diagram or create a separate 
  table. 
• (Optional) Use a protocol analyzer such as Sniffer for your baseline. Use the Sniffer as well 
  as show and debug commands where you can to analyze all background traffic on your 
  network. You need to know what normal is for your environment. Refer back to Chapter 2 
  for a refresher on protocol analysis with Sniffer Pro. 


Look at the "Trouble Ticket 2 Documentation Lab Solution." Can you spot the issues? Better yet, 
can you fix the issues? Make a list of each issue that you fix to compare it to the issue list and 
ending configuration in the sample solutions. Fix everything you identify, and use ping and trace 
to test all connectivity. For example, my 804 (pingme router) is a good ping target on the 
backbone, but use what you have. If you are really struggling, this Trouble Ticket includes 
sample output in a file named tt2 testing, and so does the next. Use this as a last resort. Now is 
your chance to apply methods and tools on your own. 


Trouble Ticket 2 Documentation Lab Solution 


Look at Figure 10-3. Because the drawing is getting a little crowded, you may want to take the 
information gathered and compile it into a table such as in Figure 10-4. This method to collect 
data is what I used in Chapter 5, "Shooting Trouble with Ethernet." Refer back to it for the 
templates to use for your devices and make any necessary changes for this scenario. 


Figure 10-4. Chapter 10 Discovery Baseline 


[Figure 10-4: baseline table for the duck router (model 2514) recording the IOS version, image 
filename, RAM, Flash, configuration register, routing protocols, redistribution, and the MAC and 
IP address of each interface.] 

For a switch I would include the management IP address, STP, Portfast, and Trunk State as well 
as VLAN and VTP data. If you are not using IPX or another routed protocol, you can remove those 
columns to make things easier to read. 


Examine the examples and the supporting files for this chapter's Trouble Ticket 1 and Trouble 
Ticket 2. Review the ending configurations in the preceding chapter and the following examples 
to get more familiar with the environment you will be supporting in this chapter. NTP, time 
stamps, logging, and TFTP configuration start in Example 10-9 (and go through Example 10-17). 
Open the supporting file for more detailed data, including the configuration and a show tech- 
support output for the devices (tt2 testing). The TFTP server ending configurations for this 
Trouble Ticket are available in case you have the need to use TFTP to copy them to your devices. 


Example 10-9. Document the duck Router 


duck#clock set 9:59:00 July 30 2002 
duck#configure terminal 
duck(config)#service timestamps debug datetime msec 
duck(config)#service timestamps log datetime msec 
duck(config)#logging 172.16.1.42 
duck(config)#logging trap ? 
  <0-7>          Logging severity level 
  alerts         Immediate action needed           (severity=1) 
  critical       Critical conditions               (severity=2) 
  debugging      Debugging messages                (severity=7) 
  emergencies    System is unusable                (severity=0) 
  errors         Error conditions                  (severity=3) 
  informational  Informational messages            (severity=6) 
  notifications  Normal but significant conditions (severity=5) 
  warnings       Warning conditions                (severity=4) 
  <cr> 
duck(config)#logging trap informational 
duck(config)#logging buffer 500000 
duck(config)#ntp ? 
  access-group        Control NTP access 
  authenticate        Authenticate time sources 
  authentication-key  Authentication key for trusted time sources 
  broadcastdelay      Estimated round-trip delay 
  clock-period        Length of hardware clock tick 
  master              Act as NTP master clock 
  max-associations    Set maximum number of associations 
  peer                Configure NTP peer 
  server              Configure NTP server 
  source              Configure interface for source address 
  trusted-key         Key numbers for trusted time sources 
duck(config)#ntp master 
duck(config)#end 
duck#copy running-config startup-config 


Set up your syslog server before you configure the other routers. Figure 10-5 displays the 
3CDaemon free syslog server running on hosta. 


Example 10-10. Document the heron Router 


heron(config)#service timestamps debug datetime msec 
heron(config)#service timestamps log datetime msec 
heron(config)#ntp server 172.16.1.1 
heron(config)#ntp source e0 
heron(config)#end 
heron#show ntp status 
Clock is synchronized, stratum 9, reference is 172.16.1.1 
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19 
reference time is C0F0E5E3.EBC9E623 (10:16:03.921 UTC Tue Jul 30 2002) 
clock offset is -0.1268 msec, root delay is 6.52 msec 
root dispersion is 0.21 msec, peer dispersion is 0.05 msec 
heron#configure terminal 
heron(config)#logging 172.16.1.42 
heron(config)#logging trap informational 
heron(config)#logging buffer 500000 
heron(config)#end 
heron#copy running-config startup-config 


Example 10-11. Document the goose Router 


goose(config)#logging 172.16.1.42 
goose(config)#logging trap informational 
goose(config)#logging buffer 500000 
goose(config)#service timestamps debug datetime msec 
goose(config)#service timestamps log datetime msec 
goose(config)#ntp server 172.16.1.1 
goose(config)#ntp source s0/0 
goose(config)#end 
goose#show clock 
10:19:32.447 UTC Tue Jul 30 2002 
goose#copy running-config startup-config 


Example 10-12. Document the osprey Router 


osprey(config)#logging 172.16.1.42 
osprey(config)#logging trap info 
osprey(config)#logging buffer 500000 
osprey(config)#service timestamps debug datetime msec 
osprey(config)#service timestamps log datetime msec 
osprey(config)#ntp server 172.16.1.1 
osprey(config)#ntp source s0/0 
osprey(config)#end 
osprey#copy running-config startup-config 


Example 10-13. Document the crab Router 


crab(config)#logging 172.16.1.42 
crab(config)#logging trap informational 
crab(config)#logging buffer 500000 
crab(config)#service timestamps debug datetime msec 
crab(config)#service timestamps log datetime msec 
crab(config)#ntp server 172.16.1.1 
crab(config)#ntp source s0 
crab(config)#end 
crab#copy running-config startup-config 


Example 10-14. Document the swan Router 


swan(config)#logging 172.16.1.42 
swan(config)#logging trap informational 
swan(config)#logging buffer 500000 
swan(config)#service timestamps debug datetime msec 
swan(config)#service timestamps log datetime msec 
swan(config)#ntp server 172.16.1.1 
swan(config)#ntp source s1 
swan(config)#end 
swan#copy running-config 


Example 10-15. Document the ferry Router (Frame Relay Switch) 


ferry(config)#logging 172.16.1.42 
Cannot open logging port to 172.16.1.42 
ferry(config)#logging trap informational 
ferry(config)#logging buffer 500000 
ferry(config)#service timestamps debug datetime msec 
ferry(config)#service timestamps log datetime msec 
ferry(config)#ntp server 172.16.1.1 
ferry(config)#ntp source s0 
ferry(config)#end 
ferry#copy running-config startup-config 


Example 10-16. Document the chesapeakebay Switch (2900 CatOS) 


chesapeakebay> (enable) set logging server 172.16.1.42 
172.16.1.42 added to System logging server table. 
chesapeakebay> (enable) set logging timestamp enable 
System logging messages timestamp will be enabled. 
chesapeakebay> (enable) set logging buffer 500000 
Usage: set logging buffer <buffer_size> 
       (buffer_size = 1..500) 
chesapeakebay> (enable) set logging buffer 500 
System logging buffer size set to <500> 
chesapeakebay> (enable) set ntp server 172.16.1.1 
NTP server 172.16.1.1 added. 
chesapeakebay> (enable) show ntp 
Current time: Tue Jul 30 2002, 10:48:28 
Timezone: '', offset from UTC is 0 hours 
Summertime: '', disabled 
Last NTP update: 
Broadcast client mode: disabled 
Broadcast delay: 3000 microseconds 
Client mode: disabled 
NTP-Server 
---------- 
172.16.1.1 


Example 10-17. Document the kentnarrows Switch (3512XL IOS) 


kentnarrows(config)#logging 172.16.1.42 
kentnarrows(config)#logging trap informational 
kentnarrows(config)#logging buffer 500000 
kentnarrows(config)#service timestamps debug datetime msec 
kentnarrows(config)#service timestamps log datetime msec 
kentnarrows(config)#ntp server 172.16.1.1 
kentnarrows(config)#ntp source vlan1 
kentnarrows(config)#end 
kentnarrows#show ntp status 
Clock is synchronized, stratum 9, reference is 172.16.1.1 
nominal freq is 381.4697 Hz, actual freq is 381.4697 Hz, precision is 2**17 
reference time is C0F0E9A4.9AD26EC9 (10:32:04.604 UTC Tue Jul 30 2002) 
clock offset is 4.1159 msec, root delay is 15.59 msec 
root dispersion is 7.81 msec, peer dispersion is 3.68 msec 
kentnarrows#copy running-config startup-config 


the output of the 1900 is not shown for this trouble ticket 


Figure 10-5. 3CDaemon Syslog on hosta 


[Figure 10-5: 3CDaemon syslog window on hosta, listening for syslog messages on IP address 
172.16.1.42 and listing time-stamped %SYS-5-CONFIG_I and %CLEAR-5-COUNTERS messages received 
from the lab devices.] 


Now that you have some common documentation tools configured, such as NTP, time stamps, 
logging, and syslog, you should continue to use these tools to assist you with supporting the 
network. Verify that NTP is working on duck in Example 10-18 and then be sure to save all your 
configurations. 


Example 10-18. Viewing NTP on duck 


duck#show ntp associations 


address ref clock st when poll reach delay offset disp 
isl ie eal a ee! ee VDL 2H x Ved. a LS 64 377 0.0 0.00 0.0 
* master (synced), # master (unsynced), + selected, - candidate, ~ configured 


duck#show ntp status 

Clock is synchronized, stratum 8, reference is 127.127.7.1 

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19 
reference time is C0F0EC36.D3096102 (10:43:02.824 UTC Tue Jul 30 2002) 
clock offset is 0.0000 msec, root delay is 0.00 msec 


root dispersion is 0.02 msec, peer dispersion is 0.02 msec 


Example 10-19 shows the copying of the configurations to the TFTP server that I have running 
on hosta. I did not bother with the 1900 or 804 because they would be just as easy to 
reconfigure as to download the configuration. 


Example 10-19. Copying the Configurations to the TFTP Server 


duck#copy running-config tftp 
Address or name of remote host []? 172.16.1.42 
Destination filename [tt2duck-confg]? 
1936 bytes copied in 8.744 secs (242 bytes/sec) 
heron#copy running-config tftp 
Address or name of remote host []? 172.16.1.42 
Destination filename [tt2heron-confg]? 
1963 bytes copied in 7.676 secs (280 bytes/sec) 
goose#copy running-config tftp 
Address or name of remote host []? 172.16.1.42 
Destination filename [goose-confg]? tt2goose-confg 
2880 bytes copied in 1.664 secs (2880 bytes/sec) 
osprey#copy running-config tftp 
Remote host []? 172.16.1.42 
Name of configuration file to write [osprey-confg]? tt2osprey-confg 
Write file tt2osprey-confg on host 172.16.1.42? [confirm] 
Building configuration... 
Writing tt2osprey-confg !! [OK] 
crab#copy running-config tftp 
Address or name of remote host []? 172.16.1.42 
Destination filename [crab-confg]? tt2crab-confg 
2695 bytes copied in 10.64 secs (269 bytes/sec) 
swan#copy running-config tftp 
Address or name of remote host []? 172.16.1.42 
Destination filename [swan-confg]? tt2swan-confg 
2333 bytes copied in 12.356 secs (194 bytes/sec) 
ferry#copy running-config tftp 
Address or name of remote host []? 172.16.1.42 
Destination filename [ferry-confg]? tt2ferry-confg 
%Error opening tftp://172.16.1.42/tt2ferry-confg (Socket error) 
ferry#!!!ip is not running on the frame switch 
ferry#!!!use your terminal program to get a copy of that config 
chesapeakebay>enable 
Enter password: 
chesapeakebay> (enable) copy ? 
Usage: copy tftp flash 
       copy flash tftp 
chesapeakebay> (enable) write ? 
Usage: write network 
       write terminal 
       write <host> <file> 
chesapeakebay> (enable) write network 
IP address or name of remote host? 172.16.1.42 
Name of configuration file? tt2chesapeakebay-confg 
Upload configuration to tt2chesapeakebay-confg on 172.16.1.42 (y/n) [n]? y 
Finished network upload. (7861 bytes) 
chesapeakebay> (enable) 
kentnarrows#copy running-config tftp 
Source filename [running-config]? 
Destination IP address or hostname []? 172.16.1.42 
Destination filename [running-config]? tt2kentnarrows-confg 
Building configuration... 
1952 bytes copied in 0.322 secs 


My supporting TFTP files are included as well. Reference their names in Example 10-19. 


Another task in this Trouble Ticket is the memory dump. Example 10-20 displays the output of 
the memory dump to the TFTP server, which takes some time if you plan on letting it finish. 


Example 10-20. Memory Dump to TFTP 


duck#ping 172.16.1.42 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 172.16.1.42, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms 
duck#write core 

Remote host [0.0.0.0]? 172.16.1.42 

Base name of core files to write [duck-core] ? 


writing uncompressed tftp://172.16.1.42/duck-core 


writing uncompressed tftp://172.16.1.42/duck-coreiomem 


The core dump created two files on the TFTP server for the duck router: 


• duck-core 
• duck-coreiomem 


NOTE 


Cisco is moving away from relying on writing an exception dump to an external 
TFTP/FTP server. Whenever there is sufficient space in boot flash or on a Flash PC card, 
a crashinfo file is usually written. This includes the output of show stack and show 
tech-support, as well as the most recent exec mode and config mode commands. 


You should also create a table to document your hosts as in Table 10-1. If you are the 
server/workstation group rather than the network group, your table will probably look a lot more 
detailed than what this provides. The point here is that troubleshooting is end to end. Normally 
this means from host to host with any switches and routers in between. The main tools on 
Windows hosts include ipconfig/winipcfg and the network property sheet. Ensure you can ping, 
trace, and telnet to every device from each host before you proceed to the other Trouble Tickets. 


Table 10-1. Hosts 


hosta: Win2K WinBook (172.16.1.42/29) (3Com PCMCIA NIC 00104BA5AE50) IP-arpa/IPX-sap 
100Mbps/full Client for Microsoft and NetWare Networks 


hostb: Win98 Toshiba (172.16.2.42/29) (Xircom CE-IIps NIC 0080C7AAC887) IP-arpa/IPX-sap 
10Mbps/half Client for Microsoft and NetWare Networks File and Printer Sharing for 
Microsoft 


hostc: Win98 Dell (172.16.1.43/29) (3Com PCMCIA NIC 005004DF5F3C) IP-arpa 
100Mbps/full Client for Microsoft File and Printer Sharing for Microsoft Networks 


Documentation and baselining are extremely important but are very time-consuming. In a 
practical environment, it many times gets put off until later, and later never comes. However, 
supporting the LAN and WAN is much easier when you have done your homework up front. 


NOTE 


You can never have too much documentation. Now that you have it, consider 
experimenting a bit. If you really want to verify your configurations, erase them all on 
your devices. Be brave and reload them, too. Then set up your devices for basic IP 
connectivity to the TFTP server and download your previously saved configurations. 


Now that you are quite familiar with the scenario through discovering or configuring it, 
supporting it, and documenting it, be prepared for some more challenging Trouble Tickets. The 
name of the Trouble Ticket obviously gives you a hint of some (not all) of the issues. You need to 
"spot the issues" on your own instead of following my lead page by page, step by step. Issue 
lists are provided after each Trouble Ticket so that you can make sure you at least found the 
issues I intended. 


Trouble Ticket 3 OSPF Lab 


Paste in the configuration changes from my tt3 troubled configs file to get started. In this 
Trouble Ticket, the routing protocol changes from Routing Information Protocol (RIP) to Open 
Shortest Path First (OSPF). Update your drawings accordingly. When you are certain everything 
is working (and it is not right now), display the OSPF configuration on the swan router and 
perform a trace to the goose router. Explain why goose takes the path it chooses. Save your 
corrected configurations to the TFTP server. All hosts should be able to ping and trace a device 
on the backbone. 


The chesapeakebay backbone switch and the Frame Relay ferry router should both be 
operational. I would much prefer to have a Gigabit Ethernet or even a 100-Mbps backbone, but 
it is not necessary for you to go to that expense for lab purposes. In the practical environment, 
that is another issue. It is also not intended for you to configure ISDN in this ticket unless you 
want to. OSPF is running on all routers except the 804 on the backbone, in which the particular 
IOS doesn't support OSPF. Instead of upgrading the IOS, use default routes. All telnets to 
knappsnarrows are blocked, but ping, trace, and HTTP access should work in this scenario. Make 
sure you are able to ping all loopbacks, and then move on to the rest of the intended solution. 


Trouble Ticket 3 OSPF Lab Solution 


Many times fixing one thing can break another or lead you to another issue, which is why I 
referred to this as the intended solution. However, you must keep a methodical mindset and 
divide and conquer to find the real issues. Hopefully, the practical nature of this book thus far 
has helped shape you into someone who has the methodology, tools, and know-how to do some 
troubleshooting on your own. That is your task for the rest of the Trouble Tickets in this book. 
You should have already pasted in the troubled configurations from the tt3 troubled configs file, 
but if not, you can do that now. Review your documentation that you should have been updating 
throughout the chapter, peek at Figure 10-6 if you must, and fix any issues at this time. 
Document your findings. 


Figure 10-6. Trouble Ticket 3 OSPF 


[Figure 10-6: network diagram for Trouble Ticket 3 (OSPF). Legend: all Ethernets 10 Mbps unless 
noted; all serials 1.544 Mbps unless noted; PF = portfast; subnets 0, 8, 16, 24, 32, 40, 48 ... 248 
with mask 255.255.255.248. Devices: Terminal Server (2511), duck (r1) 2514, heron (r2) 2501, 
goose (r3) 3640, osprey (r4) 3620, crab (r5) 2516, swan (r6) 2520, ferry (r7) 2513, 
chesapeakebay (s1) 2900, kentnarrows (s2) 3512XL, knappsnarrows (s3) 1900, and the optional 804.] 


NOTE 


If you have problems pasting in the configurations, you may need to adjust the options 
such as the Line Send Delay in your terminal program. 


Use the following notes to make sure you found and fixed all the issues I planned for the OSPF 
Trouble Ticket. (There may be others, too, but you'll need to find them as you go along.) 


hosta issues: 

• Wrong subnet mask of 255.255.255.252. You may not have had this problem, but you can 
  configure it to observe the results. 


duck (r1) issues: 

• Multiple OSPF routing processes are not needed here. (You need to redistribute if you leave 
  this unless you want completely separate routing processes.) OSPF 2 uses a subnet mask 
  rather than a wildcard mask. Depending on your IOS version, the IOS may autocorrect this 
  into a wildcard mask. 
• My intent was for you to remove the router OSPF 2 configuration, not redistribute. 
• Missing network 172.16.1.0 statement under OSPF 1, so you can't reach the two 64 kbps 
  links between goose and swan. 


heron (r2) issues: 

• Password recovery. 
• Clock on s0 and s1. 
• Loopback 10 administratively shut down. 
• No IP subnet zero. 
• OSPF configuration. 


goose (r3) issues: 

• Speed on fa2/0. 
• Duplex on fa2/0. 
• The access list should block hosta and hostc from telnetting to knappsnarrows. However, 
  ping and HTTP should still work. 
• There are only deny statements in the access list. Every ACL needs at least one permit 
  statement. 
• The access list should be inbound on goose fa2/0. 
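The access-list items above can be checked with a small model. This is an added example, not code from the book or its tt3 files: the two rule lists are constructed stand-ins, the evaluator assumes first-match processing with the implicit deny that ends every IOS access list, and the addresses are hosta and hostc from Table 10-1 and knappsnarrows from the heron trace.

```python
from ipaddress import ip_address, ip_network

HOSTA, HOSTC = "172.16.1.42", "172.16.1.43"   # from Table 10-1
KNAPPSNARROWS = "172.16.2.45"                  # from the heron trace
TELNET, HTTP = 23, 80
ANY = "0.0.0.0/0"


def rule(action, proto, src, dst, port=None):
    """One ACL entry; proto 'ip' matches every protocol, port None matches every port."""
    return (action, proto, ip_network(src), ip_network(dst), port)


# Constructed stand-in for the troubled list: deny entries only.
DENY_ONLY = [
    rule("deny", "tcp", HOSTA + "/32", KNAPPSNARROWS + "/32", TELNET),
    rule("deny", "tcp", HOSTC + "/32", KNAPPSNARROWS + "/32", TELNET),
]
# The same entries followed by an explicit permit for everything else.
WITH_PERMIT = DENY_ONLY + [rule("permit", "ip", ANY, ANY)]


def evaluate(acl, proto, src, dst, port=None):
    """Return the action of the first matching entry, or the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto != "ip" and r_proto != proto:
            continue
        if ip_address(src) not in r_src or ip_address(dst) not in r_dst:
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"  # nothing matched: the implicit deny at the end of the list


def ticket_checks(acl):
    """The three tests the ticket asks for, run from each blocked host."""
    results = {}
    for host in (HOSTA, HOSTC):
        results[host] = {
            "telnet": evaluate(acl, "tcp", host, KNAPPSNARROWS, TELNET),
            "http": evaluate(acl, "tcp", host, KNAPPSNARROWS, HTTP),
            "ping": evaluate(acl, "icmp", host, KNAPPSNARROWS),
        }
    return results


if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("with permit", WITH_PERMIT)):
        print(name)
        for host, checks in ticket_checks(acl).items():
            print("  ", host, checks)
```

With the deny-only list every test falls through to the implicit deny, so ping and HTTP fail along with telnet; adding the final permit leaves only telnet from the two hosts blocked.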


osprey (r4) issues: 

• Incorrect hostname (egret rather than osprey). 
• OSPF was incorrectly configured for area 2. Just because the duck router has a route to the 
  osprey router doesn't mean that osprey has a return trip back to duck. 


crab (r5) issues: 

• The OSPF statement for interfaces 0.0.0.0 255.255.255.255 is set to area 0. It should be 
  area 1, but this incorrect OSPF statement causes a nice virtual link reminder on the crab 
  router. 


swan (r6) issues: 

• There are individual OSPF statements for the interfaces, but there is an incorrect address 
  on the last one. 


chesapeakebay (s1) issues: 

• Ports incorrectly set to VLAN 10. 
• VTP mode was set to transparent with a VTP domain name of tt3. 


kentnarrows (s2) issues: 

• Speed on fa0/12. 


If you need assistance with testing and finding the issues, the file tt3 testing may help; I have 
annotated it in several places to help you understand some of the issues. The fun of all this is if 
you did not find all the issues in one Trouble Ticket, they may still be there waiting for you in the 
next one. On the other hand, if you are totally frustrated, you can paste in the necessary 
portions of the tt3 fixed configs file. 


Next use Example 10-21 to answer the question about the swan-to-goose trace. 


Example 10-21. swan-to-goose Trace 


swan#trace goose 
Type escape sequence to abort. 
Tracing the route to goose (172.16.1.9) 
  1 duck (172.16.1.17) 4 msec 4 msec 4 msec 
  2 goose (172.16.1.9) 12 msec * 8 msec 
swan#show ip ospf interface 
Serial1 is up, line protocol is up 
  Internet Address 172.16.1.18/29, Area 1 
  Process ID 1, Router ID 172.16.3.9, Network Type POINT_TO_POINT, Cost: 64 
  Transmit Delay is 1 sec, State POINT_TO_POINT, 
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 
    Hello due in 00:00:03 
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 172.16.1.1 
  Suppress hello for 0 neighbor(s) 
Serial2 is up, line protocol is up 
  Internet Address 172.16.1.26/29, Area 1 
  Process ID 1, Router ID 172.16.3.9, Network Type POINT_TO_POINT, Cost: 1562 
  Transmit Delay is 1 sec, State POINT_TO_POINT, 
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 
    Hello due in 00:00:00 
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 172.16.1.41 
  Suppress hello for 0 neighbor(s) 
Serial3 is up, line protocol is up 
  Internet Address 172.16.1.34/29, Area 1 
  Process ID 1, Router ID 172.16.3.9, Network Type POINT_TO_POINT, Cost: 1562 
  Transmit Delay is 1 sec, State POINT_TO_POINT, 
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 
    Hello due in 00:00:03 
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 172.16.1.41 
  Suppress hello for 0 neighbor(s) 
swan#!!!compare the costs to the bandwidths 
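The comparison suggested at the end of Example 10-21, worked through as an added example (not from the book). It uses the default OSPF reference bandwidth of 10^8 bps, takes the swan link speeds from the costs shown above, assumes the duck-to-goose serial runs at the lab's default 1.544 Mbps, and treats every link as having the same cost in both directions.

```python
import heapq

REFERENCE_BW_BPS = 100_000_000  # default OSPF reference bandwidth, 10^8 bps


def ospf_cost(bandwidth_kbps):
    """Interface cost = reference bandwidth / interface bandwidth, truncated, minimum 1."""
    return max(1, REFERENCE_BW_BPS // (bandwidth_kbps * 1000))


# (router, router, bandwidth in kbps)
LINKS = [
    ("swan", "duck", 1544),   # swan Serial1, shown with cost 64
    ("swan", "goose", 64),    # swan Serial2, shown with cost 1562
    ("swan", "goose", 64),    # swan Serial3, shown with cost 1562
    ("duck", "goose", 1544),  # assumption: a default 1.544-Mbps serial
]
# The same lab with the swan-duck serial out of service.
FAILOVER_LINKS = [l for l in LINKS if {l[0], l[1]} != {"swan", "duck"}]


def build_graph(links):
    """Adjacency list keyed by router, each entry (neighbor, interface cost)."""
    graph = {}
    for a, b, kbps in links:
        cost = ospf_cost(kbps)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def best_path(graph, src, dst):
    """Dijkstra over interface costs; returns (total cost, [routers]) or None."""
    queue = [(0, [src])]
    settled = set()
    while queue:
        cost, path = heapq.heappop(queue)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in settled:
            continue
        settled.add(node)
        for neighbor, link_cost in graph.get(node, []):
            if neighbor not in settled:
                heapq.heappush(queue, (cost + link_cost, path + [neighbor]))
    return None


if __name__ == "__main__":
    print("T1 cost:", ospf_cost(1544), " 64-kbps cost:", ospf_cost(64))
    print("normal:  ", best_path(build_graph(LINKS), "swan", "goose"))
    print("failover:", best_path(build_graph(FAILOVER_LINKS), "swan", "goose"))
```

Two T1 hops through duck total 128, far below the 1562 of either direct 64-kbps link, which is why the trace shows duck as the first hop. The `max(1, ...)` floor also shows that any link of 100 Mbps or faster gets the same cost of 1 under the default reference bandwidth.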


Compare your final saved fixed configurations to the tt3 fixed configs file. Compare your updated 
drawing to Figure 10-6. 


NOTE 


On the practical side of things, you may consider breaking up OSPF area 1 into two 
separate areas. For example, looking at Figure 10-6, 172.16.1.0/24 could be left as it 
is in OSPF area 1 and 172.16.2.0/24 could easily be its own area 2. 


Congratulations are most definitely in order for completing this Trouble Ticket. Move along to the 
next or save the challenge for another day. 


Trouble Ticket 4 RIP/OSPF/EIGRP Redistribution Lab 


Redistribution is trouble in itself, and you should never really plan to use it permanently. 
However, everyone does. It is a quick way to get multiple routing protocols talking and also a 
quick way to insert routing loops or feedback without the proper filtering. Preferably, if you must 
redistribute you should redistribute in one direction and use static or default routes in the other 
instead of mutually redistributing. 


Paste in the configuration changes from my tt4 troubled configs file to get started. In this 
Trouble Ticket, the routing protocol changes once again. Use Figure 10-7 as a guide to 
understand the routing domains so that you can shoot the troubles with Trouble Ticket 10-4. As 
you can see in Example 10-22, a syslog server was running when some of the issues occurred. 


Example 10-22. Syslog Output 


Jul 31 19:22:08 local Listening for Syslog messages on IP address: 172.16.1.42 
Jul 31 19:23:23 172.16.1.41 125: Jul 31 07:23:47.352: %LINEPROTO-5-UPDOWN: 
Line protocol on Interface Serial0/0, changed state to down 
Jul 31 19:23:25 172.16.1.41 126: Jul 31 07:23:49.076: %LINK-3-UPDOWN: 
Interface Serial0/0, changed state to up 
Jul 31 19:23:25 172.16.1.41 127: Jul 31 07:23:50.076: %LINEPROTO-5-UPDOWN: 
Line protocol on Interface Serial0/0, changed state to up 
Jul 31 19:23:36 172.16.1.41 128: Jul 31 07:24:00.456: %OSPF-5-ADJCHG: 
Process 1, Nbr 172.16.1.1 on Serial0/0 from FULL to DOWN, Neighbor Down 
Jul 31 19:23:53 172.16.1.41 129: Jul 31 07:24:17.376: %LINEPROTO-5-UPDOWN: 
Line protocol on Interface Serial0/0, changed state to down 
Jul 31 19:25:27 10.10.10.1 64: Jul 31 07:25:48.218: %SYS-5-CONFIG_I: 
Configured from console by console 
Jul 31 19:26:07 172.16.2.2 34: Jul 31 07:26:31.402: %DUAL-5-NBRCHANGE: 
IP-EIGRP 10: Neighbor 172.16.2.10 (Serial0) is down: interface passive 
Jul 31 19:26:18 172.16.2.10 37: Jul 31 07:26:42.003: %DUAL-5-NBRCHANGE: 
IP-EIGRP 10: Neighbor 172.16.2.9 (Serial0) is down: holding time expired 
Jul 31 19:36:04 172.16.1.41 130: Jul 31 07:36:28.471: %SYS-5-CONFIG_I: 
Configured from console by console 


Figure 10-7. Trouble Ticket 4 RIP/OSPF/EIGRP Redistribution 


[Figure 10-7: network diagram for Trouble Ticket 4 showing the RIP, OSPF, and EIGRP routing 
domains; 172.16.2.0/24 is EIGRP AS 10. Subnets 0, 8, 16, 24, 32, 40, 48 ... 248 with mask 
255.255.255.248. Devices: Terminal Server (2511), duck (r1) 2514, heron (r2) 2501, goose (r3) 
3640, osprey (r4) 3620, crab (r5) 2516, swan (r6) 2520, ferry (r7) 2513, chesapeakebay (s1) 2900, 
kentnarrows (s2) 3512XL, knappsnarrows (s3) 1900.] 


Once upon a time everything was working, but not anymore. Look at Example 10-22 to help 
determine what is wrong. The swan router should use the Frame Relay circuit to get to the 
Extended Interior Gateway Protocol (EIGRP) domain. The crab router should use the Frame 
Relay circuit to get to the OSPF domain. When you have addressed all the issues, copy your 
working configurations to the TFTP server. 
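One way to work through collector output like Example 10-22, as an added example that is not part of the book: it parses each line, orders routing-neighbor and line-protocol losses by device time, measures the offset between the collector's receive stamp and the device's own stamp, and reports missing message numbers. The sample lines are constructed from Example 10-22 with message 127 left out on purpose; treating the number before the first colon as a per-device message counter and using 2002 as the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample modeled on Example 10-22; message 127 is left out on purpose.
SAMPLE = """\
Jul 31 19:22:08 local Listening for Syslog messages on IP address: 172.16.1.42
Jul 31 19:23:23 172.16.1.41 125: Jul 31 07:23:47.352: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Jul 31 19:23:25 172.16.1.41 126: Jul 31 07:23:49.076: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Jul 31 19:23:36 172.16.1.41 128: Jul 31 07:24:00.456: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.1.1 on Serial0/0 from FULL to DOWN, Neighbor Down
Jul 31 19:23:53 172.16.1.41 129: Jul 31 07:24:17.376: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Jul 31 19:25:27 10.10.10.1 64: Jul 31 07:25:48.218: %SYS-5-CONFIG_I: Configured from console by console
Jul 31 19:26:07 172.16.2.2 34: Jul 31 07:26:31.402: %DUAL-5-NBRCHANGE: IP-EIGRP 10: Neighbor 172.16.2.10 (Serial0) is down: interface passive
Jul 31 19:26:18 172.16.2.10 37: Jul 31 07:26:42.003: %DUAL-5-NBRCHANGE: IP-EIGRP 10: Neighbor 172.16.2.9 (Serial0) is down: holding time expired
"""

LINE_RE = re.compile(
    r"^(?P<rx>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "   # collector receive time
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "                     # sending device
    r"(?P<seq>\d+): "                                        # device message counter
    r"(?P<flag>[*.])?"                                       # IOS mark for an unsynced clock
    r"(?P<dev>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


def parse(text, year=2002):
    """Turn collector lines into event dicts; lines that are not device messages are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # for example the collector's own "Listening for Syslog" banner
        events.append({
            "rx": datetime.strptime(f"{year} {m['rx']}", "%Y %b %d %H:%M:%S"),
            "dev": datetime.strptime(f"{year} {m['dev']}", "%Y %b %d %H:%M:%S.%f"),
            "src": m["src"],
            "seq": int(m["seq"]),
            "clock_synced": m["flag"] is None,
            "severity": int(m["severity"]),
            "facility": m["facility"],
            "mnemonic": m["mnemonic"],
            "text": m["text"],
        })
    return events


def clock_skew(events):
    """Median of (device stamp - collector stamp) in seconds, per sending device."""
    per_src = defaultdict(list)
    for e in events:
        per_src[e["src"]].append((e["dev"] - e["rx"]).total_seconds())
    return {src: median(values) for src, values in per_src.items()}


def sequence_gaps(events):
    """Message numbers missing between the first and last message seen from each device."""
    seen = defaultdict(set)
    for e in events:
        seen[e["src"]].add(e["seq"])
    gaps = {}
    for src, seqs in seen.items():
        missing = sorted(set(range(min(seqs), max(seqs) + 1)) - seqs)
        if missing:
            gaps[src] = missing
    return gaps


def adjacency_losses(events):
    """Neighbor and line-protocol transitions to down, ordered by device time."""
    hits = [e for e in events
            if e["mnemonic"] in ("ADJCHG", "NBRCHANGE", "UPDOWN")
            and re.search(r"\bdown\b", e["text"], re.IGNORECASE)]
    return sorted(hits, key=lambda e: e["dev"])


if __name__ == "__main__":
    events = parse(SAMPLE)
    for e in adjacency_losses(events):
        print(e["dev"].time(), e["src"], f"%{e['facility']}-{e['severity']}-{e['mnemonic']}", e["text"])
    for src, skew in clock_skew(events).items():
        print(f"{src}: device clock minus collector clock = {skew / 3600:+.2f} h")
    print("missing message numbers:", sequence_gaps(events))
```

The skew output shows the collector and the NTP-synchronized devices stamping the same events about 12 hours apart, so order events by the device stamp when correlating across routers.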


Trouble Ticket 4 RIP/OSPF/EIGRP Redistribution Lab Solution 


You should have pasted in the configuration changes from my tt4 troubled configs file. Fix the 
issues and document your findings. Use the following list to make sure you found and fixed all 
the issues I planned. There may be others, too. 


duck (r1) issues: 

• Aliases were set for the show command (and its shortcuts) to "not.this.time." However, 
  you can use write terminal in place of show run to see and change the alias commands. 
• RIP is only sending version 1, which doesn't understand discontiguous subnets. 
• Network 10.10.10.0 advertised in both RIP and OSPF and redistributed. 
• Route filtering. 
• Router OSPF 10 not needed. 
• Encapsulation mismatch on s0. 


heron (r2) issues: 

• Passive interface on s0 under EIGRP. 
• The EIGRP ip summary-address statement gives the same effect as the default auto-summary 
  feature. 
• Incorrect subnet mask on e0. 


goose (r3) issues: 

• Password recovery. 
• OSPF is broken after the password recovery. You had to bring the interfaces up, too, 
  because they were all in a shutdown state. 
• Duplicate IP with hostc. 


osprey (r4) issues: 

• Duplicate MAC with hostb. 


swan (r6) issues: 

• The default route is 0.0.0.0 255.255.255.255 rather than 0.0.0.0 0.0.0.0. 


chesapeakebay (s1) issues: 

• Module 2 is in a shutdown state. 


Compare your final saved fixed configurations to the tt4 fixed configs file. Add any additional 
notes to your drawing and/or tables. 


Trouble Ticket 5 Frame Relay/ISDN Backup Lab 


On the WAN you are interfacing with service providers no matter what service you use. When it 
is critical that remote offices communicate with headquarters or each other, normally some type 
of automatic failover is in place until the network recovers. Redundancy is one thing; problem 
diagnosis is another. 


Suppose you get a call from a user indicating that "things are slow." Slow compared to what? Is 
the underlying cause a throughput issue or a response-time issue? A large file transfer will be 
limited by bandwidth, for example, whereas a transaction processing system will be limited by 
latency (lots of end-to-end trips). Ultimately, you must characterize whether you are dealing 
with a user complaint or an application requirement. To do that, it is important to understand 
the behavior of the application and the protocol stack from end to end. 


This is not intended to be a design book, but internetworks clearly operate more efficiently if 
they are designed well. My point is that your issues on the WAN may not just be configuration- 
oriented. Finding faults and understanding why they occurred may mean you have performance 
issues that traffic sharing and quality of service (QoS) can assist with or you may in fact need 
more bandwidth. Many times we think bandwidth solves all, when in fact it doesn't shrink 
geography. These issues are beyond the scope of the book but are becoming more and more 
important in everyday network support. Ensure you properly design your networks to begin with 
and that you are prepared to support them with the right tools in your tool bag. 


In this Trouble Ticket, you must play the role of the end user and the service provider and take 
care of all issues. Verify that Frame Relay is working and using the ISDN link for a backup. Start 
your testing with hosta and work your way around to hostb to spot the issues to draw you closer 
to the real problem areas. 


The physical devices and wires have not changed, but the logical topology has been adjusted 
somewhat. Update your drawing as per Figure 10-8 after you discover the new changes. 


Figure 10-8. Trouble Ticket 5 Frame Relay/ISDN Backup 
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(opt) 804 Win96.10 Novell 4.11 .20 
** All ethernets 10 Mbps unless noted. **
** All serials 1.544 Mbps unless noted. **
** Password = broadcrook **
** PF - portfast **

10.10.10.0/24

Terminal Server (2511)
lo0 1.1.1.1/8

1 duck (r1) 2514
2 heron (r2) 2501
3 goose (r3) 3640
4 osprey (r4) 3620
5 crab (r5) 2516
6 swan (r6) 2520
7 ferry (r7) 2513
8 chesapeakebay (s1) 2900
9 kentnarrows (s2) 3512XL
10 knappsnarrows (s3) 1900


The swan keeps passing packets to the duck router to get to kentnarrows. I want you to assume 
the T1 between swan and duck is quite saturated, however. Send all packets from swan to 
kentnarrows and its hosts by way of the goose router. Likewise, packets coming from hosta and 
hostb should not go through the chesapeakebay switch to get to the swan router. In addition, 
chesapeakebay should take the shortest route to the hosts. 

Congratulate yourself when you can successfully console and telnet to kentnarrows, 
chesapeakebay, and knappsnarrows from hosta. A current syslog capture display is in Example 
10-23 if it can be of any help. 


Example 10-23. Trouble Ticket 5 Syslog Capture 


Aug 01 13:37:41 local Listening for Syslog messages on IP address: 172.16.1.42
Aug 01 13:38:45 172.16.2.9 582: Aug 1 01:39:09.524: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:40:34 172.16.1.41 82: Aug 1 01:40:59.069: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:41:53 172.16.1.18 136: Aug 1 01:42:17.984: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:42:25 172.16.1.18 137: Aug 1 01:42:46.992: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:44:59 172.16.3.10 68: Aug 1 01:45:24.693: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Aug 01 13:44:59 172.16.3.10 69: Aug 1 01:45:24.725: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Aug 01 13:44:59 172.16.3.10 70: Aug 1 01:45:24.817: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Aug 01 13:45:00 172.16.3.10 71: Aug 1 01:45:25.029: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 102 changed to up
Aug 01 13:45:00 172.16.3.10 72: Aug 1 01:45:25.201: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 103 changed to up
Aug 01 13:45:23 172.16.3.10 73: Aug 1 01:45:48.729: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 102 changed to down
Aug 01 13:45:23 172.16.3.10 74: Aug 1 01:45:48.733: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI0, TEI 103 changed to down
Aug 01 13:45:23 172.16.3.10 75: Aug 1 01:45:48.773: %LINK-5-CHANGED: Interface BRI0, changed state to standby mode
Aug 01 13:45:23 172.16.3.10 76: Aug 1 01:45:48.805: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Aug 01 13:45:24 172.16.3.10 77: Aug 1 01:45:48.837: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Aug 01 13:46:00 172.16.3.10 78: Aug 1 01:46:24.885: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:47:27 172.16.3.10 80: Aug 1 01:47:51.733: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 600 state changed to ACTIVE
Aug 01 13:47:27 172.16.3.10 81: Aug 1 01:47:51.733: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1.500, changed state to up
Aug 01 13:47:48 172.16.3.10 87: Aug 1 01:48:13.345: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:50:16 172.16.3.10 88: Aug 1 01:50:38.612: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:58:38 172.16.1.18 138: Aug 1 01:59:00.391: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 14:00:25 172.16.3.10 89: Aug 1 02:00:49.985: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 500 state changed to DELETED
Aug 01 14:00:36 172.16.1.18 139: Aug 1 02:01:00.914: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 600 state changed to INACTIVE
Aug 01 14:00:36 172.16.1.18 140: Aug 1 02:01:00.914: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.600, changed state to down
Aug 01 14:00:45 172.16.1.18 141: Aug 1 02:01:11.014: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Aug 01 14:00:45 172.16.1.18 142: Aug 1 02:01:11.046: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Aug 01 14:00:45 172.16.1.18 143: Aug 1 02:01:11.134: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Aug 01 14:00:46 172.16.1.18 144: Aug 1 02:01:11.358: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 104 changed to up
Aug 01 14:00:46 172.16.1.18 145: Aug 1 02:01:11.522: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 105 changed to up
Aug 01 14:01:36 172.16.1.18 146: Aug 1 02:02:00.903: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 600 state changed to DELETED
Aug 01 14:02:36 172.16.1.18 147: Aug 1 02:02:01.899: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
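
The following Python example is added here and is not from the book. It triages a capture in the format of Example 10-23: it counts %SYS-5-CONFIG_I events per device, lists missing per-device sequence numbers (messages the server never received), and pairs a Frame Relay DLCI going INACTIVE or DELETED with the BRI interface coming up shortly afterward. The function names, the 30-second window, and the fixed year are assumptions, and the sample lines are constructed in the capture's format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of Example 10-23:
# server receive time, source IP, sequence number, device timestamp, message.
SAMPLE = """\
Aug 01 13:37:41 local Listening for Syslog messages on IP address: 172.16.1.42
Aug 01 13:46:00 172.16.3.10 78: Aug 1 01:46:24.885: %SYS-5-CONFIG_I: Configured from console by console
Aug 01 13:47:27 172.16.3.10 80: Aug 1 01:47:51.733: %FR-5-DLCICHANGE: Interface Serial1 - DLCI 600 state changed to ACTIVE
Aug 01 14:00:36 172.16.1.18 139: Aug 1 02:01:00.914: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 600 state changed to INACTIVE
Aug 01 14:00:36 172.16.1.18 140: Aug 1 02:01:00.914: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0.600, changed state to down
Aug 01 14:00:45 172.16.1.18 141: Aug 1 02:01:11.014: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
Aug 01 14:00:45 172.16.1.18 142: Aug 1 02:01:11.046: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
Aug 01 14:00:45 172.16.1.18 143: Aug 1 02:01:11.134: %LINK-3-UPDOWN: Interface BRI0, changed state to up
"""

LINE_RE = re.compile(
    r"^(?P<rx>\w{3} \d{2} \d{2}:\d{2}:\d{2}) "   # time the syslog server received it
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "         # sending device
    r"(?P<seq>\d+): "                             # per-device sequence number
    r"(?P<dev_ts>.+?): "                          # the device's own timestamp
    r"%(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)

ASSUMED_YEAR = "2000"  # assumption: the capture has no year; any fixed year works for deltas


def parse(capture):
    """Return one dict per device message; the server banner and damaged lines are skipped."""
    events = []
    for raw in capture.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["seq"] = int(e["seq"])
        e["sev"] = int(e["sev"])
        e["rx"] = datetime.strptime(ASSUMED_YEAR + " " + e["rx"], "%Y %b %d %H:%M:%S")
        events.append(e)
    return events


def by_source(events):
    """Group events per sending device, ordered by the device's sequence number."""
    grouped = defaultdict(list)
    for e in events:
        grouped[e["src"]].append(e)
    for evs in grouped.values():
        evs.sort(key=lambda e: e["seq"])
    return grouped


def config_changes(events):
    """Count %SYS-5-CONFIG_I messages per device."""
    counts = defaultdict(int)
    for e in events:
        if (e["fac"], e["mnem"]) == ("SYS", "CONFIG_I"):
            counts[e["src"]] += 1
    return dict(counts)


def sequence_gaps(events):
    """List sequence numbers each device used but the server never logged."""
    gaps = {}
    for src, evs in by_source(events).items():
        missing = []
        for prev, cur in zip(evs, evs[1:]):
            missing.extend(range(prev["seq"] + 1, cur["seq"]))
        if missing:
            gaps[src] = missing
    return gaps


def backup_activations(events, window_s=30):
    """Pair a DLCI going INACTIVE/DELETED with the BRI D-channel interface coming up."""
    hits = []
    for src, evs in by_source(events).items():
        last_fail = None
        for e in evs:
            if e["mnem"] == "DLCICHANGE" and re.search(r"changed to (INACTIVE|DELETED)$", e["text"]):
                last_fail = e
            elif (last_fail and e["fac"] == "LINK" and e["mnem"] == "UPDOWN"
                  and re.fullmatch(r"Interface BRI\d+, changed state to up", e["text"])):
                delay = (e["rx"] - last_fail["rx"]).total_seconds()
                if 0 <= delay <= window_s:
                    hits.append((src, last_fail["seq"], e["seq"], delay))
                last_fail = None
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE)
    print("config changes:", config_changes(evs))
    print("missing sequence numbers:", sequence_gaps(evs))
    print("backup activations:", backup_activations(evs))
```

A reload resets a device's sequence counter, so split a real capture at reloads before checking for gaps.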


NOTE 


At this point, you should be putting to practice many of the CatOS/IOS commands you 
have worked with throughout the book. Once again, your solution should not just be to 
compare running configurations, but rather use a methodical plan. Use the divide-and-conquer 
layered approach and practice commands such as ping, trace, show, clear, 
and debug. 


Trouble Ticket 5 Frame Relay/ISDN Backup Lab Solution 


Use the following list to make sure you found and fixed all the issues I planned. There may be 
others, too. 


heron (r2) issues: 

• The no ip split-horizon statement on s1. 


goose (r3) issues: 

• You need to add an ip ospf cost statement to interface s0/2. 
• The access list is preventing hosta from telnetting to knappsnarrows. 


crab (r5) issues: 

• The backup interface command was on the main s1 interface rather than the 
  subinterface. 
• ISDN switch type on interface. 
• Data-link connection identifiers (DLCIs). 
• Missing service profile identifier (SPID). 


swan (r6) issues: 

• Username statement. 
• Authentication was Password Authentication Protocol (PAP) rather than Challenge 
  Handshake Authentication Protocol (CHAP). 
• Frame Relay compression. 
• DLCIs. 
• Missing dialer-group statement, so no interesting traffic was defined. 
• ip ospf cost statement is too high of a cost. 


ferry (r7) frame switch issues: 

• Incorrect frame DCE statement on s0. 
• Route statements. 


chesapeakebay (s1) issues: 

• Password recovery. 


kentnarrows (s2) issues: 

• Password recovery for secret and telnet passwords. 


When you can successfully console to all devices and telnet to kentnarrows, chesapeakebay, and 
knappsnarrows from hosta, congratulations are in order. Remember to make sure the other 
initial requirements are operational, too. 


NOTE 


I realize that you are used to telnetting from one device to another, but part of the 
requirement for the remaining Trouble Tickets is for you to console directly to devices 
as well. Please do that to make sure you find all the issues I intended. 


Compare your final saved fixed configurations to the tt5 fixed configs file. Add any additional 
notes to your drawing and tables. 


Trouble Ticket 6 VLAN and Spanning-Tree Lab 


Just as loops can occur in the upper layers because of mutual redistribution and improper 
filtering, they can also occur at Layer 2. Back in Chapters 6 and 7 I spent some time on the 
Spanning Tree Protocol (STP). STP assists with bridge/switch loops, and it is normally not the 
best practice to just turn it off. As a matter of fact, Cisco performs a per-VLAN STP. VLANs help 
you segment your broadcast domains and use fewer routers while doing so. 
However, the ideal design is still hierarchical in nature. 


In this Trouble Ticket, you are just starting to implement VLANs and are thinking about 
upgrading your 1900 switch. For now, knappsnarrows and hostb are both in the default VLAN 1, 
which requires no configuration on the 1900 on your part except for management IP addressing. 


To prepare for Trouble Ticket 6 you need to make a minor physical change to the topology by 
shutting down the e0/0 interface on the osprey router and port 12 on the knappsnarrows switch. 


Alternatively, just remove the cable between them. Two additional connections are required 
between kentnarrows and knappsnarrows as shown in Figure 10-9. 


Figure 10-9. Trouble Ticket 10-6 VLANs and STP 


** All ethernets 10 Mbps unless noted. **
** All serials 1.544 Mbps unless noted. **
** Password = broadcroak **
** PF - portfast **

10.10.10.0/24

Terminal Server (2511)
lo0 1.1.1.1/8

1 duck (r1) 2514
2 heron (r2) 2501
3 goose (r3) 3640
4 osprey (r4) 3620
5 crab (r5) 2516

VLAN1
172.16.1.43/29


Start your testing from hosta to work toward any major issues. When you can successfully telnet 
to kentnarrows, chesapeakebay, and knappsnarrows from hosta, hostb, and hostc, that is 
definitely an accomplishment. You have finished the labs when you can console directly into the 
devices and copy the configurations to the TFTP server. 


Trouble Ticket 6 VLAN and Spanning-Tree Lab Solution 


Use the following list to make sure you found and fixed all the issues I planned. Obviously there 
may have been others, too. 


General issues: 

• Physically you need two crossover cables between the two switches for redundancy. 
• Hosts tables. 
• Leftovers from previous Trouble Tickets. 


goose (r3) issues: 

• Console speed set to 2400. Change your terminal program settings or telnet in to change it 
  back to the 9600 default. 
• fa2/0 administratively shut down. 
• fa2/0 speed. 
• fa2/0 duplex. 


kentnarrows (s2) issues: 

• fa0/12 is missing the switchport mode trunk statement for kentnarrows. Use the show 
  interfaces fa0/12 switchport command to verify. 
• No default gateway. 
• VLAN1 address should be 172.16.1.42/29. 
• fa0/12 speed. 
• fa0/12 duplex. 
• No STP on VLAN1, so what will take care of the Layer 2 redundancy between kentnarrows 
  and knappsnarrows? Turn it back on with the spanning-tree vlan 1 command. 


Compare your final saved fixed configurations to the tt6 fixed configs file. Add any additional 
notes to your drawing and tables. 


Now that you have completed these challenging Trouble Tickets, go back and review all your 
documentation. I highly recommend you print the supporting files for this chapter and "swim" 
through the Trouble Tickets once again. Practice makes perfect. Shooting internetworking 
troubles is not just something you can pick up a book on and expect to be successful. To 
alleviate your fears, you must put your theory to practical use. 


Review Questions 


Use this chapter and your practical troubleshooting knowledge and skills to answer the following 
questions. The answers are located in Appendix A, "Answers to Review Questions." 


1: The following output was captured during Trouble Ticket 6. Why is fa0/9 in a blocking state? 


kentnarrows#show spanning-tree vlan 1

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00d0.7968.8484
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0090.922a.7680
  Root port is 24, cost of root path is 19
  Topology change flag not set, detected flag not set, changes 1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 13, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Interface Fa0/2 (port 14) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 14, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Interface Fa0/3 (port 15) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 15, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Interface Fa0/4 (port 16) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 16, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Interface Fa0/5 (port 17) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 17, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Interface Fa0/7 (port 19) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 19, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Interface Fa0/8 (port 20) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 20, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

Interface Fa0/9 (port 22) in Spanning tree 1 is BLOCKING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 0090.922a.7680
   Designated port is 27, path cost 0
   Timers: message age 3, forward delay 0, hold 0
   BPDU: sent 11, received 333

Interface Fa0/11 (port 24) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 0090.922a.7680
   Designated port is 26, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 3, received 346

Interface Fa0/12 (port 25) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 25, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 345, received 0


2: Using the same data in the preceding question, why are fa0/6 and fa0/10 missing? 
3: While troubleshooting Trouble Ticket 6, I unplugged the dongle attached to the network 
interface card (NIC) to see which port the host was connected to. According to the following 
output and Figure 10-9, which host did I perform this on? 


kentnarrows(config)#
-Mar 1 03:47:25.507: %LINK-3-UPDOWN: Interface FastEthernet0/10, 
changed state to down 
-Mar 1 03:47:25.735: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface FastEthernet0/10, changed state to down 
-Mar 1 03:47:43.858: %LINK-3-UPDOWN: Interface FastEthernet0/10, 
changed state to up 
-Mar 1 03:47:44.773: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface FastEthernet0/10, changed state to up 


4: Refer to the following output. Are there any potential issues? 


chesapeakebay> (enable) show port status

Port  Name      Status      Vlan  Level   Duplex  Speed  Type
1/1             notconnect  1     normal  half    100    100BaseT
1/2             notconnect  1     normal  half    100    100BaseT
2/1             disabled    1     normal  auto    auto   10/100Ba
2/2             disabled    1     normal  auto    auto   10/100Ba
2/3             disabled    1     normal  auto    auto   10/100Ba
2/4             disabled    1     normal  auto    auto   10/100Ba
2/5             disabled    1     normal  auto    auto   10/100Ba
2/6             disabled    1     normal  auto    auto   10/100Ba
2/7             disabled    1     normal  auto    auto   10/100Ba
2/8             disabled    1     normal  auto    auto   10/100Ba
2/9             disabled    1     normal  auto    auto   10/100Ba
2/10  to hub    disabled    1     normal  auto    auto   10/100Ba
2/11  to heron  disabled    1     normal  auto    auto   10/100Ba
2/12  to duck   disabled    1     normal  auto    auto   10/100Ba


5: What is likely to be the issue with the following output that was captured during Trouble Ticket 
4? 


goose#trace hostc 
Tracing the route to hostc (172.16.1.43) 
  1 hostc (172.16.1.43) 0 msec 
*Mar 1 00:10:20.670: IP: s=172.16.1.43 (local), d=172.16.1.43 
(FastEthernet2/0), len 28, sending 
*Mar 1 00:10:20.670: IP: s=172.16.1.43 (FastEthernet2/0), d=172.16.1.43, 
len 28, rcvd 0 
*Mar 1 00:10:20.670: IP: s=172.16.1.43 (local), d=172.16.1.43 
(FastEthernet2/0), len 56, sending 
*Mar 1 00:10:20.670: IP: s=172.16.1.43 (FastEthernet2/0), d=172.16.1.43 
(FastEthernet2/0), len 56, rcvd 3 
*Mar 1 00:10:20.670: IP: s=172.16.1.43 (local), d=172.16.1.43 
(FastEthernet2/0), len 28, sending 
*Mar 1 00:10:20.674: IP: s=172.16.1.43 (FastEthernet2/0), d=172.16.1.43, 
len 28, rcvd 0 * 0 msec 


6: Often trace is very much a complementary tool to ping. What is likely to be the issue with the 
following output that was captured during Trouble Ticket 4? 


swan#trace kentnarrows 
Tracing the route to kentnarrows (172.16.1.45) 
  1 duck (172.16.1.17) 4 msec 4 msec 4 msec 
  2 heron (10.10.10.2) 16 msec 12 msec 16 msec 
  3 crab (172.16.2.10) 16 msec 16 msec 16 msec 
  4 swan (172.16.3.9) 12 msec 12 msec 12 msec 
  5 duck (172.16.1.17) 8 msec 12 msec 12 msec 
  6 heron (10.10.10.2) 20 msec 20 msec 20 msec 
  7 crab (172.16.2.10) 20 msec 20 msec 20 msec 
  8 swan (172.16.3.9) 16 msec 16 msec 20 msec 
  9 duck (172.16.1.17) 16 msec 20 msec 16 msec 
 10 heron (10.10.10.2) 24 msec 24 msec 28 msec 
 11 crab (172.16.2.10) 28 msec 28 msec 28 msec 
 12 swan (172.16.3.9) 24 msec 24 msec 24 msec 
 13 duck (172.16.1.17) 24 msec 24 msec 20 msec 
 14 heron (10.10.10.2) 32 msec 32 msec 32 msec 
 15 crab (172.16.2.10) 32 msec 32 msec 32 msec 
 16 swan (172.16.3.9) 28 msec 28 msec 28 msec 


7: Analyze the following issue that occurred during Trouble Ticket 4. 


osprey#show arp 

Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  172.16.2.45  202        0090.922a.7680  ARPA  Ethernet0/0
Internet  172.16.2.42  0          Incomplete      ARPA
Internet  172.16.2.41  -          0080.c7aa.c887  ARPA  Ethernet0/0


8: The swan (2520) and crab (2516) routers both have ISDN BRI ports. Are they S/T or U? 


9: What tool enables you to send traps to a network management system? 


10: What steps does Cisco recommend in supporting your internetwork? 


Summary 


This chapter offers you an opportunity to give yourself a comprehensive, hands-on review of 
many of the LAN and WAN topics discussed throughout this book. This is a good pre-test and 
post-test exercise for supporting internetworks at the CCNA/CCNP level. It is not and was not 
intended to be at the CCIE level, but perhaps CCIEs will enjoy reliving some issues they have 
already spotted. On the other hand, it wasn't intended to give you page-by-page step-by-step 
instructions either. People learn by doing, and troubleshooting takes practice. It is not just 
something you can read and memorize. You must divide and conquer. Finding the problem you 
are trying to solve is a real battle. If you know you can't ping or trace from or to a particular 
device or host, for instance, start your troubleshooting there. Define the problem, then isolate, 
and then correct. 


In this book I have identified many tools and resources along with some helpful troubleshooting 
checklists and sample command outputs. Put them to practical use and continue to identify new 
troubleshooting tools that help you with your real-world problems. Think methodology. Leverage 
off of your experiences and the experiences of others to prosper in troubleshooting Cisco routers 
and switches. 


Now for the final question... do you shoot trouble or does trouble shoot you? 
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Chapter 1's Review Questions 


1: The Transport Layer is the host-to-host layer in the OSI model and the TCP/IP suite. 
It is in-between the upper and lower layers and depending on the protocol is 
responsible for delivery, error detection, and correction. Describe the upper layers 
of the OSI model and include examples. 


A1: Answer: The upper layers of the OSI model include the following: 

• L7 Application—Service use and advertisement (file and print services, 
  e-mail) 
• L6 Presentation—Translation, encryption, and compression (character 
  codes, public/private key, ASCII, JPEG) 
• L5 Session—Dialog, session administration, connection establishment, 
  and data transfer (NetBIOS, Sockets, drive mappings) 


2: Describe the lower layers of the OSI model and include examples. 


A2: Answer: The lower layers of the OSI model include the following: 

• L3 Network—Logical addressing and routing (IP, ARP, RARP, ICMP, 
  and routers) 
• L2 Data Link—Physical addressing, media access, and frame formats 
  (Ethernet, Token Ring, Frame Relay, and switches) 
• L1 Physical—0s and 1s, cabling, and signaling (Category 5, RJ-45, 
  HSSI, coax, fiber, and hubs) 


3: Draw a picture showing the differences between OSI layers and TCP/IP layers. 


A3: Answer: Refer to Figure 1-16, Figure 1-17, and Figure 1-18 for pictures 
illustrating the differences between the OSI seven-layer model and the DoD 
five-layer TCP/IP suite. 


4: Explain encapsulation using the appropriate protocol data unit terminology. 


A4: Answer: For a TCP/IP-based application, data gets encapsulated in a TCP 
segment, which gets encapsulated in an IP packet, which gets encapsulated 
in an Ethernet frame in order to get to the Physical Layer bits for 
transmission across the medium. 


5: Explain de-encapsulation, including how Layer 2 hands off to Layer 3, how Layer 3 
hands off to Layer 4, and so on. 


A5: 
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Answer: De- encapsulation is like opening envelopes or presents. Each layer 
reads and carries out the instructions from its peer layer, discards the 
header, and sends the packets up the stack for further processing. The 
Physical Layer passes bits in frames to the Data Link Layer. The Data Link 
Layer uses a type code or SAP to determine which Layer 3 protocol to hand 
off to. The Network Layer uses a protocol number to pass to the Layer 4 
protocol. The Transport Layer uses a port number to send to an upper-layer 
application. 


What is the difference between a hub, switch, and router? 


Answer: A hub is a Layer 1 device that does absolutely no filtering (it spits 
bits). A switch is a Layer 2 device that can assist with collisions and make 
filtering decisions based on physical addresses. A router is a Layer 3 device 
that can assist with collisions and broadcasts and can make filtering 
decisions based on logical addresses. A Layer 3 switch is really a router. 


What is the difference between routed and routing protocols? Give examples of 
each. 


Answer: Routing protocols exchange routes with other routers. Examples 
include OSPF, BGP, RIP, and EIGRP. Routed protocols deliver packets; they 
send user data. Examples include IP and IPX. 


Describe packet flows through routers. 


Answer: Packet flow is an important concept. Routers route to the 
destination network address. They buffer and switch packets from the 
inbound interface to the outbound interface within the router. Performance 
is definitely affected by the switching type. Fast switching refers to when a 
router does a route table lookup for the first packet toward a destination 
and caches it so that it doesn't have to perform a route table lookup on 
each and every packet. (Imagine the overhead if a router actually performs 
a route table lookup on each and every packet, which is called process 
switching and is used when you perform such tasks as debug commands.) 
Newer devices offer Cisco Express Forwarding (CEF) as a switching type, 
whereby even the first packet gets cached. Remember these important 
points: Routers route hop-to-hop, and routers switch from the inbound 
interface to the outbound interface of the router at Layer 3. 


How can the OSI model assist in troubleshooting? 


Answer: The OSI model helps you take a layered, systematic approach to 
troubleshooting. The OSI model provides other benefits as well (such as 
inter-operability, standardization, and it enables you to subdivide developer 
tasks without having to alter other layers). For example, those making 
network interface cards (NICs) really don't want to be concerned with what 
upper-layer applications and protocols run over the hardware. However, 
NIC vendors must be concerned with LAN technologies such as Ethernet 
and Token Ring and what physical specifications (cable and connectors) to 
follow. 


List the seven steps of the Cisco troubleshooting model? 


A10: Answer: The Cisco troubleshooting model is as follows: 

1. Define the problem. 
2. Gather the facts. 
3. Consider possibilities (based on facts). 
4. Create an action plan. 
5. Implement action plan. 
6. Observe results. 
7. Document the solution. 


Chapter 2's Review Questions 
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CDP sends and receives neighbor advertisements over multicast address 01-00- Oc- 
cc-cc and uses a proprietary HDLC type value. CDP must run on media that 
supports what? 


Answer: CDP must run on media that supports SNAP. 


To match up the following buffer pools with the appropriate sizes (small, middle, 
big, very big, large, and huge), what IOS command would you use? 


A. 104 bytes 
B. 600 bytes 
C. 1524 bytes 
D. 4520 bytes 


E. 5024 bytes 


F. 18024 bytes 


Answer: You would use the show buffers command to show the output of 
the buffer pools and their sizes. 


Which support tool can monitor up to all seven layers and is the least stressful on 
the router? 


A. Network monitor 
B. Protocol analyzer 
C. debug 

D. ping 


Answer: A protocol analyzer can monitor up to all seven layers and is not as 
stressful as some other tools on the router. 


List the five categories of network management and give a Cisco example of an 
NMS. 


Answer: ISO has five categories of network management: fault, accounting, 
configuration and name, performance, and security management. 
CiscoWorks is the Cisco example of an NMS. 


What NMS feature of Cisco's product is a replacement for CWSI? List at least four 
other features that this product is responsible for. 
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Answer: The LAN Management Solution (LMS) contains nGenius Real Time 
Monitor, Campus Manager, Device Fault Manager, Content Flow Monitor, 
CiscoView, and Resource Manager Essentials. LMS is part of the CiscoWorks 
family of products for fault and configuration management and 
troubleshooting of campus LANs and is a follow-on to the CiscoWorks for 
Switched Internetworks (CWSI) bundle. 


What type of support tool records, displays, and analyzes how a protocol operates 
and gives a layer-by-layer decode? Give an example. 


Answer: A protocol analyzer, such as Sniffer Pro or EtherPeek, records, 
displays, and analyzes how a protocol operates and gives a layer-by-layer 
decode. 

Cable testers (Scanners) can be used to test physical connectivity. Many cable 
testers include TDR functionality. What type of device is used to test signal loss with 
fiber cable? 


Answer: An optical time domain reflectometer (OTDR) is used to test signal 
loss with fiber cable. 


What support tool is useful for baselining and continuously tracks packets but 
doesn't decode them? 


Answer: A network monitor is useful for baselining and continuously tracks 
packets but doesn't decode them. 


List at least two proactive and two reactive CCO tools? 


Answer: Proactive (all could be reactive, too) tools: 

• IOS Upgrade Planner 
• Hardware-Software Compatibility Matrix 
• IOS Roadmap 
• Documentation CD-ROM 
• MarketPlace 
• Cisco Technical Assistance Center (TAC) 


Reactive tools: 

• Bug Navigator (could be proactive, too) 
• Output Interpreter 
• Troubleshooting Assistant 
• Stack Decoder 




Use the numbers 1-4 to match the priority levels with the following severity level. 


- Information needed on product 

- Production network severely degraded 
- Network performance degraded 

- Production network down 


Answer: The correct levels follow: 

Priority  Severity
1         Production network down
2         Production network severely degraded
3         Network performance degraded
4         Information needed on product


Escalation to Cisco support requires certain tasks. The show tech-support 
command is helpful. You need your equipment and service contract information, and 
you should open a case with specific priority level and case number. What CCO tool 
enables you to open, query, and update a case with TAC? 


Answer: Use the case management toolkit to open, query, and update a 
case with TAC. 


The Cisco Dynamic Configuration tool enables you to look up the specifics of a
WSC1924A you bought off of eBay. You should quickly find that it is a 24-port,
10-MB switch with two 100BASE-TX ports and it is upgradeable to the Enterprise
Edition. Under which category would you find this on the website?


Answer: MarketPlace allowed me to look up the specifics of a device using 
the Configuration Tool. Marketplace is also where you can purchase a 
sweater with the Cisco logo. 


Chapter 3's Review Questions 




In the RIP scenario, why were you successful with using RIPv2 rather than RIPv1? 


Answer: RIPv2 is classless, and RIPv1 is classful. Classless routing
protocols such as RIPv2, EIGRP, OSPF, and IS-IS support VLSM and
summarization. All routing protocols support summarization, but the
classful ones do that in a fixed manner at the class boundary.


A Cisco router maintains ARP entries much longer than most PCs. How can you
remove all entries from the ARP cache on a Cisco router? It would be less
detrimental to all to just remove an entry associated with a given interface. Can you
do that on a router? On a Windows-based PC?


Answer: On a router, clear arp does not truly clear the table; instead, it
refreshes it. Unless in a test environment where it doesn't matter who you
affect, you should use shut/no shut to remove the entries associated with a
given interface. The command arp -d [ip address] on a Windows-based
machine allows you to remove an entry at a time.


Draw a table comparing TCP/IP layers, protocols, applications, and utilities to the 
OSI model. 


Answer: See Table 3-2. 


On a Cisco router, show ip route displays the routing table. What are the numbers 
in brackets []? 


Answer: The numbers in brackets are [administrative distance/composite
metric].


Subnetting, aggregation, VLSM, CIDR, supernetting, and summarization are all 
about moving bit boundaries. Which one(s) move the network mask bit boundary to 
the right? 


Answer: Subnetting and VLSM.


Assume you moved into apartment 172.16.3.10 (host address) located at 172.16 
Broad Creek Drive (network address). Other floors in the apartment building are 
numbered 172.16.1.0, 172.16.2.0, and 172.16.4.0. What floor (subnet) are you on? 
What are all the available hosts on that subnet? What is the directed broadcast 
address of your subnet? 


Answer: Because the other subnets are 172.16.1.0, 172.16.2.0, and 
172.16.4.0, you must be on subnet 172.16.3.0. If you perform the binary 
math, you would in fact prove that you are on subnet (floor) 3. The hosts 
(other apartments on your floor) are as follows: 172.16.3.1 through 
172.16.3.254. 172.16.3.255 is the directed broadcast address for your
subnet. Again, if you work out the binary, you will see that the first 
available host is the subnet plus one, the directed broadcast is all 1s for the 
host bits, and the last available host is the broadcast address minus one. 


Compare the protocol and port numbers for telnet, RIP, FTP, and TFTP.


Answer: RIP (port 520) and TFTP (port 69) are both based on UDP, which is
IP protocol number 17. Telnet (port 23) and FTP (ports 20, 21) are both
based on TCP, which is protocol number 6. Refer to Figure 3-13 for more
assistance.


You can ping by the IP address but not by the hostname. What is a very likely 
problem? 


Answer: Hostname resolution. Check your hosts files and DNS servers. You
can test this now if you really want.


You need to forward DHCP requests to another subnet, but you do not want to 
forward NetBIOS communications. Is this possible? 


Answer: The command ip helper-address [DHCP_server_address] is required
on your local router interface. By default, however, it allows TFTP, DNS,
Time, two NetBIOS ports, two DHCP ports, and TACACS. You must specify
which ports you want to forward and then the ports that you don't want to
forward. To forward fewer than the eight default ports that IP helper opens
up, you can use the ip forward-protocol udp [port] command for the ports
you want to forward followed by the no ip forward-protocol udp [port]
command for the ports you do not want to forward.


What IOS command enables you to verify that RIP sends broadcast routing updates?
To what address are broadcast updates sent? 


Answer: debug ip rip shows you that routing updates are sent to 
255.255.255.255. 


Using 192.168.5.0/24, address the network according to the following 
requirements: three LAN segments—one with 125 hosts, one with 50 hosts, and one 
with 25 hosts—and at least two and maybe more WAN segments. 


Answer: I recommended that you start with host requirements, then work
on your LAN requirements, and then work on the WAN requirements for
VLSM. Remember that when you are solving for host bits, they are 0 bits.
You should draw this out like Figure A-1 to understand the scenario and to
truly see the bits:

• Start with the maximum number of hosts and solve for x. 2^x >= 125
  hosts is 7 host bits. Note the seven 0 host bits in Figure A-1 where I
  assign 192.168.5.128/25 to the 125-host subnet.

• Use VLSM for subnet 0 to continue. Solve for x. 2^x >= 50 hosts to arrive
  at 6 host bits. Note the six host 0 bits in Figure A-1 where I assign
  192.168.64.0/26 to the 50-host subnet.

• Use VLSM for subnet 0 to continue. Solve for x. 2^x >= 25 hosts to arrive
  at 5 host bits. Note the five host 0 bits in Figure A-1 where I assign
  192.168.32.0/27 to the 25-host subnet.

• Now that you have calculated the host and LAN segment
  requirements, use VLSM subnet 0 out to a /30 mask to maximize the
  WAN links. The WAN links can use 192.168.5.0/30, 192.168.5.4/30,
  192.168.5.8/30, and so on as illustrated in Figure A-1.


Figure A-1.

192.168.5.0/24
Calculations: 1 Host Requirements, 2 LAN Requirements, 3 WAN Requirements

192.168.5.128/25 (125 hosts)   2^x >= 125 = 7 zero bits
192.168.5.64/26 (50 hosts)     2^x >= 50 = 6 zero bits
192.168.5.32/27 (25 hosts)     2^x >= 25 = 5 zero bits
192.168.5.0/30 (WAN)
192.168.5.4/30
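
The VLSM walk-through above, together with the subnet-plus-one and broadcast-minus-one rule from the earlier 172.16.3.10 question, worked as an added Python example (not code from the book). The function names are hypothetical, and the allocation order (largest LAN from the top of the block, WAN links from subnet 0) follows Figure A-1.

```python
import ipaddress


def host_bits(hosts):
    """Smallest number of host (zero) bits x such that 2**x - 2 >= hosts.

    The "- 2" reserves the subnet address (host bits all 0) and the
    directed broadcast (host bits all 1).
    """
    x = 2
    while 2 ** x - 2 < hosts:
        x += 1
    return x


def subnet_facts(interface):
    """Derive subnet, host range and directed broadcast with plain bit math."""
    iface = ipaddress.ip_interface(interface)
    addr = int(iface.ip)
    mask = int(iface.network.netmask)
    subnet = addr & mask                        # host bits forced to 0
    broadcast = subnet | (~mask & 0xFFFFFFFF)   # host bits forced to 1

    def to_ip(value):
        return str(ipaddress.ip_address(value))

    return {
        "subnet": to_ip(subnet),
        "first_host": to_ip(subnet + 1),        # subnet plus one
        "last_host": to_ip(broadcast - 1),      # broadcast minus one
        "broadcast": to_ip(broadcast),
    }


def vlsm_plan(block, lan_hosts, wan_links):
    """Give each LAN the top subnet of what is left, largest LAN first,
    then cut the remaining subnet 0 into /30 WAN links."""
    remaining = ipaddress.ip_network(block)
    lans, spare = [], []
    for hosts in sorted(lan_hosts, reverse=True):
        prefix = 32 - host_bits(hosts)
        if prefix <= remaining.prefixlen:
            raise ValueError(f"{hosts} hosts do not fit in {remaining} "
                             "while keeping subnet 0 free")
        pieces = list(remaining.subnets(new_prefix=prefix))
        lans.append((hosts, str(pieces[-1])))
        spare.extend(str(p) for p in pieces[1:-1])  # left unassigned
        remaining = pieces[0]                       # keep working in subnet 0
    if remaining.prefixlen > 30:
        raise ValueError(f"{remaining} is too small to hold a /30")
    wans = [str(n) for n in remaining.subnets(new_prefix=30)]
    if len(wans) < wan_links:
        raise ValueError(f"only {len(wans)} /30 links fit in {remaining}")
    return {"lans": lans, "wans": wans[:wan_links], "spare": spare}


if __name__ == "__main__":
    plan = vlsm_plan("192.168.5.0/24", [125, 50, 25], wan_links=3)
    for hosts, net in plan["lans"]:
        print(f"{hosts:>4} hosts  {net:<18} {subnet_facts(net)}")
    for net in plan["wans"]:
        print(f" WAN link   {net:<18} {subnet_facts(net)}")
    print("apartment 172.16.3.10/24:", subnet_facts("172.16.3.10/24"))
```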


You are having a problem with three subnets connected via two Cisco routers. Each
router can ping its own interfaces but can't get to the far side of the other router. So
you decide to put in the appropriate default route statement, but things still are not
operational. You are not running routing protocols because default routes serve this
scenario well. Can you spot the issue?


Answer: You should draw this out and label the subnets to give you a
picture of the problem. Alternatively, you can assume the scenario to be
hosta connected to r1, r1 connected to r3, and hostc connected to r3.
Obviously, this could be any number of things, and I would like to stress
once more to use a structured approach such as in Chapter 1 and to divide
and conquer to help you spot the particular issue. In looking at your
configurations, you found no IP classless, so in effect your default routes
were not working. After you turned on IP classless, you could route.


Chapter 4's Review Questions 


What IOS command assists in determining detailed information if the router is propagati


What IOS command assists in determining detailed information if the router is propagati


What is the difference between the Novell internal IPX number and the Novell external IP 


Answer: The internal IPX number is a logical network inside the Novell server. Th


on a Cisco router. The internal network can also be configured on Cisco routers i
features such as IPXWAN or NLSP. The external IPX number is the wire ID analog:


1:
A1: Answer: debug ipx routing activity
2:
A2: Answer: debug ipx sap activity
3:
A3:
4:


Fill in the following table with the missing Cisco and Novell encapsulation names. 


Cisco Encapsulation Novell Frame Type | Description Novell 
ARPA Ethernet_Il EtherType pointer to Layer 3 NetWar 
NetWar 
SAP Length field NetWar 
802.2 LLC SAP pointer to Layer 3 | NetWar 
Novell- Ether Length field = netw 
Ethernet_SNAP Length field SNAP d: 

802.2 LLC SAP 

SNAP header 

Serial links All vers 


A4: Answer: See Table 4-5 


5: What type of packet does Figure 4-18 display? What form of Cisco encapsulation is used? 


Figure 4-18. Review Question 5 
 4  LOOP: Reply Receipt=0
 5  RIP: response; 1 network, 346648E2 at 1 hop
 6  LOOP: Reply Receipt=0
 7  LOOP: Reply Receipt=0
 8  IPX: Ping Type = 0 (Rqst) ID = 0x9308
 9  IPX: Ping Type = 1 (Rsp) ID = 0x9308
10  IPX: Ping Type = 0 (Rqst) ID = 0x2C10
11  IPX: Ping Type = 1 (Rsp) ID = 0x2C10

DLC:  ----- DLC Header -----
DLC:  Frame 2 arrived at 13:57:03.2591; frame size is 310 (0136 hex) bytes.
DLC:  Destination = Multicast 01000CCCCCCC
DLC:  Source      = Station Cisco18D6705
DLC:  802.3 length = 296
LLC:  ----- LLC Header -----
LLC:  DSAP Address = AA, DSAP IG Bit = 00 (Individual Address)
LLC:  SSAP Address = AA, SSAP CR Bit = 00 (Command)
LLC:  Unnumbered frame: UI
SNAP: ----- SNAP Header -----
SNAP: Vendor ID = Cisco1
SNAP: Type = 2000 (CDP)
CDP:  ----- Cisco Discovery Protocol (CDP) Packet -----


Answer: Frame 2 is a CDP multicast packet. The encapsulation is Cisco SNAP, whic
and SNAP headers.


Explain the difference between Cisco ping and IPX ping. Which one is the default? Why w
How do you change the default?


Answer: The default ping is a Cisco ping that uses IPX protocol number 2. The IP
number 0x9086. Cisco ping works fine for your Cisco devices, but your IPX device
proprietary nature.


MTU is negotiated by NCP. It is 1500 for a local Ethernet segment and 576 bytes for the i 
verify this? 


A7: 


Answer: Technically, MTU is not being negotiated; rather, it is a per-interface attr
"big packet" request/response, the end-to-end NCP segment size is negotiated. f
interfaces (see the following output) or show tech-support commands display it


show interfaces

Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c8d.6705 (bia 0000.0c8d.6705)
  Description: r1e0 to hosta and hostb
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255


The route print command displays the routing table on a PC. How can you see this inforr
RIP? How about on a Novell server? 


Answer: View the routing table using the show ipx route command on the route! 
the Novell server. 


How do you configure IPX RIP on a Cisco router? 


Answer: Configure the ipx routing global command and specify the wire IDs ont 
network [wireid] command for each directly connected network. 


Why doesn't IPX need ARP?


Answer: ARP is not needed in IPX because the host address is already part of the n
Network.node:socket.


Explain the following address:

12345678.0000.0000.0001:0451

Answer: Internal IPX address:socket.

How does IPX RIP find the best path to another network? How does this differ from IP RI


Answer: IPX RIP metrics are ticks/hops. IP metrics are hops. Both are limited to 1


13: In the chapter scenario, hosta is a Windows 2000 box. What command gives you the dis


Figure 4-19. Review Question 13 


NWLink IPX Routing and Source Routing Control Program v2.60 


Num Name Network Node Fr 
i. Posey eget 66686516 66104ba5ae5@ (8) 
2. Local Connection 66688516 680104ba5ae5@ (8) 
a5 NDISWANI PX 60086886 eBfc28524153 [E 


A13: Answer: Type ipxroute config at the hosta command prompt to see the network
and frame type information on the IPX client.


Chapter 5's Review Questions 


How would a user complain to you about an incorrect frame type issue? 

Answer: For an incorrect frame type issue, I would expect to hear things from tt
print," "I can't get to my file," "I don't see anything in Network Neighborhood," 
drive specification," "I don't have a drive F," and so on. 


What is the EtherType and SAP for Novell IPX? How does the receiving station recognize 


Answer: EtherType is 8137, and SAP is e0. The checksum hex bytes 0xFFFF are fea
recognition. (See Figure A-4 and Figure A-5.)


Figure A-4. IPX EtherType 
152  HOSTB            0.FFFFFFFFFFFF   NSAP: C Find nearest File server
153  Cisco18D6705     Cisco18D6705     LOOP: Reply Receipt=0
154  00507307D076     00507307D076     LOOP: Reply Receipt=0
155  [192.168.5.17]   [224.0.0.10]     EIGRP: Hello AS=500
156  [192.168.5.17]   [224.0.0.10]     EIGRP: Hello AS=500
157  [192.168.5.17]   [224.0.0.10]     EIGRP: Hello AS=500
158  Cisco18D6705     Cisco18D6705     LOOP: Reply Receipt=0
159  00507307D076     00507307D076     LOOP: Reply Receipt=0
160  HOSTB            0.FFFFFFFFFFFF   NET: Find name GWISE<20>
161  HOSTB            0.FFFFFFFFFFFF   IPX: S=552 D=551 (IPX)
162  HOSTB            0.FFFFFFFFFFFF   IPX: S=552 D=551 (Novell IPX WAN Broadcast)
163  HOSTB            0.FFFFFFFFFFFF   NET: Find name GWISE<20>
164  HOSTB            0.FFFFFFFFFFFF   IPX: S=552 D=551 (Novell IPX WAN Broadcast)
165  [192.168.5.17]   [224.0.0.10]     EIGRP: Hello AS=500
166  HOSTB            0.FFFFFFFFFFFF   IPX: S=552 D=551 (Novell IPX WAN Broadcast)
167  HOSTB            0.FFFFFFFFFFFF   NET: Find name GWISE<20>
168  HOSTB            0.FFFFFFFFFFFF   IPX: S=552 D=551 (Novell IPX WAN Broadcast)

DLC:  ----- DLC Header -----
DLC:  Frame 160 arrived at 21:50:46.7029; frame size is 94 (005E hex) bytes.
DLC:  Destination = BROADCAST FFFFFFFFFFFF, Broadcast
DLC:  Source      = Station Xircm2AAC887
DLC:  Ethertype   = 8137 (Novell)
IPX:  ----- IPX Header -----
IPX:  Checksum = 0xFFFF
IPX:  Length = 80
IPX:  Transport control = 00


Figure A-5. IEEE SAPs 
Cisco - LSAP List (http://www.cisco.com/warp/public/473/111_12.html)

IEEE-Administered LSAPs:

Address (Hex)   Assignment
00              Null LSAP
02              Individual LLC Sublayer Mgmt Function
03              Group LLC Sublayer Mgmt Function
06              ARPANET Internet Protocol (IP)
0E              PROWAY (IEC955) Network Mgmt & Initialization
42              IEEE 802.1 Bridge Spanning Tree Protocol
4E              EIA RS-511 Manufacturing Message Service
7E              ISO 8208 (X.25 over IEEE 802.2 Type 2 LLC)
8E              PROWAY (IEC955) Active Station List Maintenance
AA              Sub-Network Access Protocol (SNAP)
FE              ISO Network Layer Protocol
FF              Global LSAP

Manufacturer-Implemented LSAPs:

04              IBM SNA Path Control (individual)
05              IBM SNA Path Control (group)
18              Texas Instruments
80              Xerox Network Systems (XNS)
86              Nestar
98              ARPANET Address Resolution Protocol (ARP)
BC              Banyan VINES
E0              Novell Netware
F0              IBM NetBIOS
F4              IBM LAN Management (individual)
F5              IBM LAN Management (group)
F8              IBM Remote Program Load (RPL)
FA              Ungermann-Bass

o7 IP 

08 SNA 

09 SNA 

ac SN 

oD SN 

10 Netware 

43 BPDU 


How do you know when an Ethernet network needs to be upgraded? 


Answer: Yes, your users will tell you, but I hope you are one step ahead of that
monitoring the load with a good network management program. You should be
multiple users, protocols, other devices, and all application requirements. Upgra 
always a good thing to do, but good use of switches to segment your existing er 
collision domains assists in the cost of the upgrade process, too. Know your net 
throughput, and capacity. Look at your interface statistics and calculate the coll 
collisions by the output packets. This is a tough question to answer in just a few 
you should plan for upgrades. 


What does the following error message indicate: "% CDP-4-DUPLEXMISMATCH: Full/half c 
Answer: CDP detected a duplex mismatch between Cisco devices, but it is up to y


Will communications occur if the port on one side of the link is set to full-duplex and the 
How about if there is a speed mismatch? 


Answer: Yes, it will probably work, but this situation of mismatched duplex sett 
issues. On the other hand, mismatched speeds will not communicate at all. 


True or false: Fast Ethernet can carry more than 1500 bytes of data in the payload. 
Answer: False. Unfortunately Fast Ethernet does not increase the data packet si: 


What types of housekeeping traffic would you expect on the wire with Ethernet in a netw 
scenario? (Refer back to Figure 5-1.) 


Answer: Routing protocol traffic such as the EIGRP hellos via multicast address 2:
and keepalives at a minimum.


When should you clear the counters on an Ethernet interface? How do you clear the coun 
Answer: Clear counters when you want to look at what is happening for a specif 
fixing problems. Use the Cisco IOS command clear counters to clear all interface
clear counters e0 to clear just the counters for the e0 interface.


Compare DIX Ethernet to IEEE Ethernet


Answer: DIX Ethernet (or Ethernet II) uses a 2-byte type field to link to Layer 3. I
valid length field but uses an IEEE SAP to point to Layer 3. (Refer back to Figure 5


What frame type carries CDP packets? How do you know? 
Answer: CDP uses IEEE 802.3 frame format with a SNAP header. (Refer back to Figu
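
The type-versus-length test behind the frame type, DIX/IEEE, and CDP answers above, written out as an added Python example (not code from the book). The sample frames are constructed, using MAC addresses and field values visible in Figure 4-18 and Figure A-4, and the function names are hypothetical.

```python
import struct
from collections import namedtuple

Decode = namedtuple("Decode", "novell cisco pointer protocol")

BROADCAST = bytes.fromhex("ffffffffffff")
HOSTB = bytes.fromhex("0080c7aac887")      # source station in Figure A-4
ROUTER = bytes.fromhex("00000c8d6705")     # source station in Figure 4-18
CDP_MCAST = bytes.fromhex("01000ccccccc")  # CDP destination in Figure 4-18


def ipx_header(length=30):
    """Constructed 30-byte IPX header: checksum 0xFFFF, length, rest zeroed."""
    return b"\xff\xff" + struct.pack("!H", length) + bytes(26)


# Constructed sample frames (not captures), one per encapsulation.
SAMPLES = {
    "eth2": BROADCAST + HOSTB + struct.pack("!H", 0x8137) + ipx_header(),
    "raw": BROADCAST + HOSTB + struct.pack("!H", 30) + ipx_header(),
    "llc": BROADCAST + HOSTB + struct.pack("!H", 33) + b"\xe0\xe0\x03" + ipx_header(),
    "cdp": CDP_MCAST + ROUTER + struct.pack("!H", 296)
           + bytes.fromhex("aaaa0300000c2000") + bytes(288),
}


def classify_frame(frame):
    """Name the Novell frame type, the Cisco encapsulation keyword and the
    field that points to Layer 3 for one Ethernet frame."""
    if len(frame) < 17:
        raise ValueError("need 14 header bytes plus at least 3 payload bytes")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:                      # DIX: a type, not a length
        proto = "IPX" if type_or_len == 0x8137 else "other"
        return Decode("Ethernet_II", "arpa", f"EtherType 0x{type_or_len:04X}", proto)
    if type_or_len > 1500:
        raise ValueError(f"0x{type_or_len:04X} is neither a length nor an EtherType")
    payload = frame[14:]
    if payload[:2] == b"\xff\xff":                 # no LLC: IPX checksum follows
        return Decode("Ethernet_802.3", "novell-ether", "IPX checksum 0xFFFF", "IPX")
    dsap, ssap, control = payload[:3]
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):
        if len(payload) < 8:
            raise ValueError("truncated SNAP header")
        oui, ptype = payload[3:6], struct.unpack("!H", payload[6:8])[0]
        if ptype == 0x8137:
            proto = "IPX"
        elif oui == b"\x00\x00\x0c" and ptype == 0x2000:
            proto = "CDP"
        else:
            proto = "other"
        return Decode("Ethernet_SNAP", "snap",
                      f"SNAP OUI {oui.hex()} type 0x{ptype:04X}", proto)
    proto = "IPX" if dsap == 0xE0 and ssap == 0xE0 else "other"
    return Decode("Ethernet_802.2", "sap", f"DSAP 0x{dsap:02X} SSAP 0x{ssap:02X}", proto)


def ipx_types_on_segment(frames):
    """Sorted list of the IPX frame types seen; more than one on a segment
    is the usual sign of a frame type mismatch between stations."""
    seen = set()
    for frame in frames:
        decode = classify_frame(frame)
        if decode.protocol == "IPX":
            seen.add(decode.novell)
    return sorted(seen)


if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:<5}", classify_frame(frame))
    print("IPX frame types on segment:", ipx_types_on_segment(SAMPLES.values()))
```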
What command shows you the Layer 2 address for Ethernet on a Microsoft client? On a C 


Answer: Issue winipcfg or ipconfig /all on the client for the IP parameters and M
interfaces [interface] on a Cisco router to see the MAC and other statistics.


Are collisions an issue in full-duplex Ethernet? Why or why not? 
Answer: No. Collisions are not an issue in full-duplex Ethernet because the share 


point-to-point connection, whether via a crossover cable or to a switch, is requii 
on the medium. 


Chapter 6's Review Questions 



On the 1900, portfast is enabled on the 10-Mbps ports and disabled on the uplink ports. | 
this? If so, how? Give a practical example of using portfast. 


Answer: Portfast is enabled by default on the 10-Mbps ports in the assumption t
ports on the 1900. It is not enabled on the 100-Mbps uplink ports (ports A and E
connect to another switch or server. The commands on the 1900 are as follows:
select a port, and then h for portfast mode. Refer back to Table 6-7 for portfast c
other devices. All host ports should be enabled for portfast. Specific examples in
can't find a domain controller or a DHCP server or a Novell client who never gets


What command outputs the following on a 2900 CatOS: 


* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry

VLAN  Dest MAC/Route Des   Destination Ports or VCs / [Protocol Type]
1     00-90-92-2a-76-96    1/1 [ALL]
1     00-80-c7-aa-c8-87    1/2 [ALL]
1     00-50-04-df-5f-3c    1/2 [ALL]
1     00-d0-79-68-84-8d    1/2 [ALL]
1     00-b0-64-81-e3-00    2/3 [ALL]


Answer: The command is show cam dynamic on a CatOS box. 


What command outputs the following on an IOS-based switch:


Dynamic Address Count:                 7
Secure Address (User-defined) Count:   0
Static Address (User-defined) Count:   0
System Self Address Count:             37
Total MAC addresses:                   44
Maximum MAC addresses:                 8192

Non-static Address Table:

Destination Address  Address Type  VLAN  Destination Port
0010.4ba5.ae50       Dynamic          1  FastEthernet0/12
0010.ffe5.17fd       Dynamic          1  FastEthernet0/12
0010.ffe5.17ff       Dynamic          1  FastEthernet0/12
0050.04df.5f3c       Dynamic          1  FastEthernet0/1
0080.c7aa.c887       Dynamic          1  FastEthernet0/11
0090.922a.7696       Dynamic          1  FastEthernet0/11
00b0.6481.e300       Dynamic          1  FastEthernet0/12


Answer: The command is show mac-address-table on an IOS box.

Is a port receiving traffic if it is in the STP blocking state? 

Answer: Yes, a port is receiving traffic if it is in the blocking state, but it does nc 
MACs or forward any frames. The port is blocked by STP as to not cause a loop at
However, it must still listen for BPDUs so that it can automatically become activ: 
device fails. 


What are the STP state transitions? 


Answer: See Figure 6-6 for the following STP state transitions: disabled, blocking,
learning, and forwarding. Compare STP to RSTP in Table 6-6.


How do you view the speed and duplex settings on a router or IOS-based switch? On a C


Answer: See Table 6-7. show interface on an IOS based switch, and show port o
switch.


It is common practice to use loopbacks for testing. Can you be sure that a loopback addr 
Answer: The following output shows sending the log to an internal buffer on r3, 
(shut/ no shut), and then reviewing the log. This type of logging is quite helpful 


and less overhead on the device than logging to the console. It clearly displays | 
to shut down a loopback. 


r3#configure terminal
r3(config)#line console 0
r3(config-line)#logging buffered
r3(config-line)#interface loopback 10
r3(config-if)#shut
r3(config-if)#end
r3#show ip interface brief
Interface          IP-Address      OK? Method Status                Pr
FastEthernet2/0    192.168.5.97    YES NVRAM  up                    ur
Loopback10         192.168.6.100   YES NVRAM  administratively down dc
r3#show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 69 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 7 messages logged
    Trap logging: level informational, 73 message lines logged

Log Buffer (4096 bytes):

03:46:39: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.5.99)
03:46:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10,
03:46:57: %LINK-3-UPDOWN: Interface Loopback10, changed state to up
03:46:57: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.5.99)
03:47:22: %LINK-5-CHANGED: Interface Loopback10, changed state to administ
03:47:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10,
03:47:34: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.5.99)
r3#!!!ouch someone can shut down a loopback
r3#configure terminal
r3(config)#interface loopback 10
r3(config-if)#no shut
r3(config-if)#end
r3#show ip interface loopback 10
Loopback10 is up, line protocol is up
  Internet address is 192.168.6.100/28
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1514 bytes


8: 


I issued the following show interface command on the 2900 CatOS box to view the mar
and its parameters. What is the 192.168.5.111 address? 


sw2900> (enable) show interface
sl0: flags=51<UP,POINTOPOINT,RUNNING>
        slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63<UP,BROADCAST,RUNNING>
        vlan 1 inet 192.168.5.98 netmask 255.255.255.240 broadcast 192.168


Answer: Do the math. 192.168.5.111 is the broadcast address for subnet 192.16 
mask is 240 in the last octet, which means 4 bits were borrowed. The lowest 1 k 
the increment for the subnets. You are using subnet 96. The first address on the 
the router, which is .97. If you add 16 to the subnet, the next subnet is 112. One 
next subnet is the broadcast address for the current subnet. Remember that all : 
1s for the broadcast address. 


Encoded Address Recognition Logic (EARL) is an ASIC that works with the bus arbitratior 


in a Catalyst 5000. Ethernet ports use a custom ASIC called ________. Other ports us
called


Answer: Ethernet uses SAINT and other ports use SAGE.


You are at a host and attempt to telnet to a switch. The following message appears: 


Password required, but none set 


Connection to host lost. 


What's the issue? 


Answer: No vty password has been set. Although a password is not required on 
normally is required for telnet access. This is because login is the default on vty 
the issue by supplying a password or by removing the login on the vty lines witt 
command. 


Assume your environment to be what it is now for the chapter scenario. On hosta you tyr 
tracert 192.168.5.103. How many hops to the destination? 


Answer: Hops are router hops. Everything on this side of the router is on the sar 


(broadcast domain) although there are different collision domains. The followine 
illustrates the one hop: 


C:\>tracert 192.168.5.103
Tracing route to HOSTC [192.168.5.103]
over a maximum of 30 hops:
  1   <10 ms   <10 ms   <10 ms  HOSTC [192.168.5.103]
Trace complete.


Chapter 7's Review Questions 




Compare ISL to 802.1Q. 


Answer: When a frame goes out an ISL trunk, it gets encapsulated by
tagging it with a 26-byte ISL header and another 4-byte CRC trailer.
Therefore, it is possible for an Ethernet frame to be 1518 + 30 = 1548
bytes. ISL trunks can carry not only Ethernet traffic, but also Token Ring
and FDDI, due to the reserved field in the ISL header.


Unlike the Cisco proprietary ISL, IEEE 802.1Q offers multivendor VLAN
multiplexing support. As shown in Figure 7-5, ISL is more of an
encapsulation (external tagging), whereas 802.1Q is an internal frame
tagging method of VLAN identification.


Can you change the management VLAN? 


Answer: Yes, you can change the management VLAN. However, some
switches require it to be VLAN1. For example, on a CatOS box, use the set
int sc0 vlan# ipaddress subnetmask command.


Why should you use a separate management VLAN? 


Answer: Always use a separate management VLAN to isolate user problems.
If a broadcast storm occurs, it could spread throughout the entire VLAN. On
the management VLAN, this would eventually cause drastic CPU overload.
Protocol traffic such as CDP, VTP, and PAgP use VLAN1. You do not want
your other management traffic such as telnet, SNMP, VMPS, Syslog to
interfere if you can help it. The management traffic uses whatever VLAN
that is assigned to the sc0 port. STP is sent on each VLAN. If the Supervisor
CPU is saturated by processing broadcasts in the management VLAN, it may
not be able to keep up with STP BPDUs.


What does a transparent mode-configured Catalyst do with a VTP update message? 


Answer: A transparent mode-configured Catalyst ignores VTP update
messages unless it has trunk ports configured so that it can act as an 
intermediary and flood the frame to other switches. 


You incorrectly associated port 8 with VLAN8, so you issue the following command: 
clear vlan 8 to clear the port from VLAN8 and back to the default VLAN1. However, 
the port status is still showing as inactive. How can you fix this issue? 


Answer: You need to associate port 8 with VLAN1. Although all ports 
originally start in VLAN1, when you change them to another VLAN they do 
not automatically go back to VLAN1. Instead they are sitting in an inactive 
state. 


The lab technician was nice enough to give you his switch to replace a production
switch that you were having problems with. He quickly clears all the VLANs on the 
switch and hands it over to you. When you plug the switch into your network, you 
quickly realize that all your other VLANs disappear. Where did you go wrong? Is 
there anything you can do to avoid such issues? 


Answer: Evidently, the lab switch had the highest revision number;
therefore, you just learned how to play "vlan wipeout" and have lots of
unhappy users. Sounds like lots of work, but perhaps beforehand you
should have made sure your switches were either using all VTP transparent
mode or a couple of VTP servers with mostly VTP clients. If you would have
just reset the VTP domain name on the lab switch, you would have been
fine.


You want to verify that you configured portfast on the 3512XL port fa0/2. How can
you accomplish this?


Answer: sh spanning-tree int fa0/2. Alternatively, you could look at the
configuration file. Likewise on the 2900 CatOS switch, you could check the
portfast status of hostc using sh port spantree 1/2.


Routing provides ________ connectivity, whereas trunking provides ________
connectivity.


Answer: Routing provides inter-VLAN connectivity, whereas trunking 
provides intra-VLAN connectivity. 


There are three major steps for working VLANs. What are they? 


Answer: 1. Create and define a VTP domain. 2. Create the VLAN. 3.
Associate a port(s) with the VLAN. 


Can VLANs assist with people trying to Sniff the network? 


Answer: Yes, VLANs can assist with people trying to Sniff the network. 
Remember VLANs are subnets. The VLAN ports are switch ports, which in 
fact have a certain level of security on their own. You must configure port 
monitoring before you can run a protocol analyzer. 


In a router-on-a-stick configuration, as in the chapter scenario, what would you 
expect to be the first hop if hosta were to tracert to hostc? 


Answer: In a router-on-a-stick configuration, all inter-VLAN traffic goes 
through the stick. Therefore, in the chapter scenario that is 192.168.5.30 
for VLAN1. 


Chapter 8's Review Questions 


Can a single Frame Relay PVC be assigned different DLCIs on each end of a virtual
circuit? 


Answer: Yes. The term to know is "locally significant," which means that a
particular DLCI is significant only on the link between two frame devices.
Think of DLCIs as the speed-dial numbers stored in your cell phone.


What are the three possible states for a Frame Relay PVC? Explain. 


Answer: Refer to Table 8-2 and Trouble Ticket 4. The three possible states
for a PVC are active, inactive, and deleted.


What is the result if one end of the PVC is set to the default Cisco LMI type and the 
other end is set to ANSI or Q933A? 


Answer: As long as the Frame Relay switch attached to the local router is
configured for the same LMI, the PVC works just fine. Remember that LMI is
the signaling between the router and local frame switch, not an end-to-end 
function. 


Can you ping yourself in Frame Relay? Why or why not? 


Answer: On point-to-point interfaces, yes. On multipoint interfaces,
however, Frame Relay is NBMA, and in a hub-and-spoke topology there is
no mapping for yourself. Certainly you could put in a map statement for 
yourself if you really wanted to make this happen. 


Headquarters is connected to several branch office routers through a Frame Relay
cloud. You know for a fact that the hub router is version 12.1, but you are not sure
about all the remotes. Keepalive activity is occurring at most of the remote offices
but not all of them. What should you check?


Answer: Work through the layers. The physical connection is fine, but you
are not receiving any kind of signal from a couple of pretty old existing
sites. Perhaps the remote routers are something less than IOS 11.2 and
need LMI configured on them. The command is frame-relay lmi-type [cisco |
ansi | q933].


Headquarters is connected to several branch office routers through a Frame Relay 
cloud. The engineer at one of the branch offices is having problems communicating 
with another branch office. How can you help him out? 


A6:


Answer: Determine how the branch office is communicating. Determine
whether the engineer can ping the other branch offices. Take a methodical 
approach and work through the layers, addressing the following points: 

• Find out whether the interfaces are up.
• Check ports and cables.
• Are you getting LMI?
• Is there an encapsulation mismatch?
• Are the DLCIs active and assigned properly?
• Is there a static or dynamic mapping problem?
• Did you forget the broadcast keyword for the routing updates?
• Do you have a route?
• Do you have split-horizon issues?
• Are there any ACLs?


Explain the output of show frame-relay map in the following example: 


r1#show frame-relay map
Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), dynamic,
              broadcast,, status defined, active


Answer: The show frame-relay map example indicates that s1 is up. DLCI
104 (68 in hex) maps to 192.168.5.6 using Inverse ARP. It displays
dynamic, broadcast by the default nature of Inverse ARP and the PVC is
active.


You have decided to contact your service provider about getting a higher CIR to 
allocate more bandwidth because you have been experiencing consistent problems 
with dropped packets due to congestion on the PVC. What command did you use to 
determine this? 


Answer: The show frame-relay pvc command is helpful in checking dropped 
packets and FECNs and BECNs. The presence of FECNs and BECNs does not 
necessarily indicate that frames were dropped by the service provider. That 
depends on how they police. If the service provider is generous and only 
marks excess frames as DE, you may make out fine.
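
The dlci 104(0x68,0x1880) field in the show frame-relay map output above, and the FECN, BECN, and DE bits this answer refers to, all sit in the two-octet Frame Relay address field. The Python below is an added example, not from the book: it assumes the standard two-octet Q.922 layout and that the second hex value is that field with the flag and EA bits clear (which reproduces the page's 0x1880); the frame headers it tallies are constructed.

```python
import re

# Taken from the show frame-relay map output quoted on this page.
MAP_LINE = "Serial1 (up): ip 192.168.5.6 dlci 104(0x68,0x1880), dynamic,"

# Constructed sample: address fields of five frames received on DLCI 104.
SAMPLE_HEADERS = [b"\x18\x81", b"\x18\x89", b"\x18\x85", b"\x18\x83", b"\x18\x8b"]

DLCI_RE = re.compile(r"dlci (\d+)\(0x([0-9A-Fa-f]+),0x([0-9A-Fa-f]+)\)")


def encode_address(dlci, cr=0, fecn=0, becn=0, de=0, ea=1):
    """Build the two-octet address field for a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a two-octet address carries a 10-bit DLCI")
    # Octet 1: high six DLCI bits, C/R, EA=0 (more address follows).
    first = ((dlci >> 4) << 2) | (cr << 1)
    # Octet 2: low four DLCI bits, FECN, BECN, DE, EA=1 (last octet).
    second = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | ea
    return bytes([first, second])


def decode_address(octets):
    """Split a two-octet address field into the DLCI and its flag bits."""
    if len(octets) != 2:
        raise ValueError("expected exactly two octets")
    first, second = octets
    return {
        "dlci": ((first >> 2) << 4) | (second >> 4),
        "cr": (first >> 1) & 1,
        "fecn": (second >> 3) & 1,
        "becn": (second >> 2) & 1,
        "de": (second >> 1) & 1,
    }


def check_map_entry(line):
    """Confirm the three DLCI notations on a map line agree with each other."""
    match = DLCI_RE.search(line)
    if match is None:
        raise ValueError("no dlci N(0x..,0x..) field on this line")
    decimal = int(match.group(1))
    as_hex = int(match.group(2), 16)
    on_wire = int(match.group(3), 16)
    decoded = decode_address(on_wire.to_bytes(2, "big"))
    return {
        "dlci": decimal,
        "hex_matches": as_hex == decimal,
        "wire_matches": decoded["dlci"] == decimal,
    }


def tally_congestion(headers):
    """Count frames and FECN/BECN/DE markings per DLCI."""
    counts = {}
    for octets in headers:
        fields = decode_address(octets)
        entry = counts.setdefault(
            fields["dlci"], {"frames": 0, "fecn": 0, "becn": 0, "de": 0}
        )
        entry["frames"] += 1
        for flag in ("fecn", "becn", "de"):
            entry[flag] += fields[flag]
    return counts


if __name__ == "__main__":
    print(check_map_entry(MAP_LINE))
    print(tally_congestion(SAMPLE_HEADERS))
```
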


In an all-Cisco-shop Frame Relay, Cisco encapsulation is fine. What Frame Relay 
encapsulation type is available for other vendors? 


Answer: The Frame Relay encapsulation types are the default Cisco and
IETF for other vendors.


Point-to-point subinterfaces are often used in configuring Frame Relay to avoid the
routing issues with main interfaces and multipoint configurations. Do you need an IP 
address on the main interface if using point-to-point subinterfaces? 


Answer: You should not configure an IP address on the main interface when 
configuring Frame Relay point-to-point subinterfaces. If one is configured, 
you can use no ip address to remove it and configure each subinterface with
an address from a different subnet. 


How does a router get a DLCI?

Answer: Data-link connection identifiers (DLCIs) can be learned via Inverse
ARP or manually configured. If manually assigned, you get the DLCI
assignments from the service provider.


You are attempting to fix a bad IP address on a Frame Relay interface, but the 
mapping is still showing the old address. What should you do? 


Answer: The clear frame-relay-inarp command clears the dynamic Inverse
ARP table.


Chapter 9's Review Questions 
Why do interface resets occur?


Answer: Interface resets occur when the interface has been completely reset, w 
normally is from cabling or signaling issues. The system resets the interface 
automatically if it sees that the physical interface is up, but the line protocol is c 
Carrier transitions occur when an interruption in signal occurs. If DCD goes down
then back up, for example, that is two transitions. If they continue to increase, « 
the cabling or other attached hardware. If output drops also increase, the proble 
may be congestion. 


True or false: The ISDN signaling protocol is LAPB for the D channel. 


Answer: False. LAPB is for X.25. LAPD is the signaling protocol for the ISDN D char
The ISDN B channels are for data, voice, and video and use HDLC or PPP encapsulat


The modem control leads on show interfaces s0 are quite helpful for troubleshooting. L
keeps changing state. What else on the interface statistics would you expect to be increa: 
Look at Example 9-13 if you need to see a display of the modem control leads. 


Answer: The modem control leads are quite helpful for troubleshooting. If the DC
keeps changing state, the carrier transitions may in turn drop and reset the line 
the failure to output queued packets. 


Your router has a native ISDN BRI port. Is this device a TE1 or TE2? 


Answer: If your router has a native ISDN port, it is a TE1. A TE2 is a router or PC
without an ISDN port that connects via a terminal adapter. Review Figure 9-7 and
Figure 9-8.

What is the difference between Multilink PPP and dial backup? 


Answer: Multilink PPP is used to aggregate traffic over multiple channels
simultaneously. Dial backup is having a secondary link for when the primary fail 
They are not the same. 


6: Use the first HDLC scenario as a guide. Can you spot the issue in the following output: 


c3#
03:03:49: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for SerialC
03:04:03: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for Serial
03:04:18: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for SerialC
03:04:32: IP-EIGRP: Neighbor 192.168.9.18 not on common subnet for SerialC

r5#show ip interface brief
Interface      IP-Address        OK? Method Status                Px
BRI0           unassigned        YES unset  administratively down dc
BRI0:1         unassigned        YES unset  administratively down dc
BRI0:2         unassigned        YES unset  administratively down dc
Ethernet0      unassigned        YES unset  administratively down dc
Loopback8      be Bree me Pao)   YES manual up                    ur
Serial0        192.168.9.18      YES manual up                    ur
Serial0.101    W723 1:6) 285.6   YES manual deleted               dc
Serial1        unassigned        YES unset  administratively down dc

co#F
03:04:01: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for SerialC
03:04:15: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for SerialC
03:04:29: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for SerialC

A6: Answer: s0 was configured for .18 rather than .14. Obviously both ends of a wir
be on the same subnet:


r5#configure terminal
r5(config)#interface s1
r5(config-if)#shut
03:04:43: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for Serial(
r5(config-if)#encapsulation hdlc
r5(config-if)#ip address 192.168~9.18 255.255.2552
03:04:57: IP-EIGRP: Neighbor 192.168.9.13 not on common subnet for Seriald
r5(config-if)#no shut
r5(config-if)#end
r5#show ip interface brief
03:05:04: %SYS-5-CONFIG Configured from console by console
03:05:05: %LINK-3-UPDOWN: Interface Serial1, changed state to up
Interface      IP-Address      OK? Method Status
BRI0           unassigned      YES unset  administratively down
BRI0:1         unassigned      YES unset  administratively down
BRI0:2         unassigned      YES unset  administratively down
Ethernet0      unassigned      YES unset  administratively down
Loopback8      S96 Di:5        YES manual up
Serial0        192.168.9.14    YES manual up
Serial0.101    172 16.286      YES manual deleted
Serial1        unassigned      YES unset  administratively down


Al4: 


Throughout the chapter you experienced multiple carrier transitions. What command is v 
helpful in helping you figure out the issues with this problem? 


Answer: To assist with finding the issues related to carrier transitions, you shou 
target the lower layers. First, look at show interfaces, and controllers may be of 
help. You can watch the actual keepalive activity with the debug serial interface 
command. 


You have a high-speed Ethernet that is sending packets faster than the ISDN link can kee 
with. How can you improve performance? 


Answer: There are many ways to improve performance. You could try bringing u 
second B channel for ISDN. If necessary you can disable fast switching.


When are floating static routes appropriate? 


Answer: Floating statics are used as a backup static route to a routing protocol. 
administrative distance is set higher than the routing protocol so that the floatir 
static is not used unless the routing protocol entry is not in the table. 


When using the backup interface method to back up a circuit, do you place the backur 
interface command under the primary or secondary interface? 


Answer: The backup interface command goes under the primary interface 
configuration. Refer to Example 9-31. 


You are controlling the backup interface using the backup delay 10 60 command. What 
numbers 10 and 60 correspond to? 


Answer: The backup delay 10 60 command says that the backup link will be up : 
seconds after the primary link fails and the backup link will go down 60 seconds 
the primary comes back up. 


Your ISDN phone bill is a lot more than you expected, but you have interesting traffic set 
appropriately with an access list. It seems that when you finish transferring your files ov
ISDN link, the link doesn't go down. It stays up until you manually bring it down. What d 
forget? 


Answer: Configure the dialer idle-timeout command. 

Including synchronization and framing, what is the total bandwidth for ISDN BRI?
Answer: There are two B channels that are 64 kbps each, which equals 128 kbps 
the D channel at 16 kbps to give you 144 kbps. Add the 48 kbps for synchroniza 
and framing for a total of 192 kbps. 

Can you use one 64 kbps B channel to handle backup for multiple T1s? 

Answer: Yes, you can use one 64-kbps B channel to handle backup for multi
T1s by way of dialer profiles. Dialer profiles give you this type of flexibility by
separating the logical configurations from the physical interfaces.


Chapter 10's Review Questions 


1: The following output was captured during Trouble Ticket 6. Why is fa0/9 in a blocking ste 


kentnarrows#show spanning-tree vlan 1

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00d0.7968.8484
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0090.922a.7680
  Root port is 24, cost of root path is 19
  Topology change flag not set, detected flag not set, changes 1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 13, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
Interface Fa0/2 (port 14) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 14, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
Interface Fa0/3 (port 15) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 15, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
Interface Fa0/4 (port 16) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 16, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
Interface Fa0/5 (port 17) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 17, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
Interface Fa0/7 (port 19) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 19, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
Interface Fa0/8 (port 20) in Spanning tree 1 is down
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 20, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0
Interface Fa0/9 (port 22) in Spanning tree 1 is BLOCKING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 0090.922a.7680
   Designated port is 27, path cost 0
   Timers: message age 3, forward delay 0, hold 0
   BPDU: sent 11, received 333
Interface Fa0/11 (port 24) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 0090.922a.7680
   Designated port is 26, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 3, received 346
Interface Fa0/12 (port 25) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0090.922a.7680
   Designated bridge has priority 32768, address 00d0.7968.8484
   Designated port is 25, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 345, received 0


A1: Answer: fa0/9 (port 22) is in a blocking state because there are redundant Laye
links. Look at Figure 10-9 to see the two additional cables added to build in this
redundancy. When there is a topology change, this port may no longer be blocke 

2: Using the same data in the preceding question, why are fa0/6 and fa0/10 missing? 


A2: Answer: Fa0/6 and fa0/10 are missing because they are not in VLAN1. They are
VLAN3 and VLAN2, respectively. 


3: While troubleshooting Trouble Ticket 6, I unplugged the dongle attached to the network
interface card (NIC) to see which port the host was connected to. According to the follow
output and Figure 10-9, which host did I perform this on?


kentnarrows(config)#
-Mar 1 03:47:25.507: %LINK-3-UPDOWN: Interface FastEthernet0/10,
changed state to down
-Mar 1 03:47:25.735: %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet0/10, changed state to down
-Mar 1 03:47:43.858: %LINK-3-UPDOWN: Interface FastEthernet0/10,
changed state to up
-Mar 1 03:47:44.773: %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet0/10, changed state to up


A3: Answer: While troubleshooting Trouble Ticket 6, I unplugged the dongle attache
the hosta NIC to see which port it was connected to. I had configured the VLAN1
interface on kentnarrows with a duplicate IP of its gateway. The results were qu
interesting; goose could get to hosta, but kentnarrows could not. I found the iss
when I tried to copy the configurations to the TFTP server when things were
supposedly fixed.


4: Refer to the following output. Are there any potential issues?


chesapeakebay> (enable) show port status
Port  Name      Status     Vlan Level  Duplex Speed Type
1/1             notconnect 1    normal half   100   100Base
1/2             notconnect 1    normal half   100   100Base
2/1             disabled   1    normal auto   auto  10/100E
2/2             disabled   1    normal auto   auto  10/100E
2/3             disabled   1    normal auto   auto  10/100E
2/4             disabled   1    normal auto   auto  10/100E
2/5             disabled   1    normal auto   auto  10/100E
2/6             disabled   1    normal auto   auto  10/100E
2/7             disabled   1    normal auto   auto  10/100E
2/8             disabled   1    normal auto   auto  10/100E
2/9             disabled   1    normal auto   auto  10/100E
2/10  to hub    disabled   1    normal auto   auto  10/100E
2/11  to heron  disabled   1    normal auto   auto  10/100E
2/12  to duck   disabled   1    normal auto   auto  10/100E


A4: Answer: The output displays the show port status command on the 2900 CatOS
The ports are all disabled as it appears, but nothing happens if you enable the p:
The real issue is that the ports are on module 2. If you were to issue a show moi
you would see that module 2 is disabled. To fix the issue, you can type set modu
enable on the chesapeakebay CatOS switch.


5: What is likely to be the issue with the following output that was captured during Trouble 
4? 


goose#trace hostc
Tracing the route to hostc (172.16.1.43)
  1 hostc (172.16.1.43) 0 msec

*Mar 1 00:10:20.670: IP: s=172.16.1.43 (local), d=172.16.1.43
(FastEthernet2/0), len 28, sending

*Mar 1 00:10:20.670: IP: s=172.16.1.43 (FastEthernet2/0), d=172.16.1.43,
len 28, rcvd 0

*Mar 1 00:10:20.670: IP: s=172.16.1.43 (local), d=172.16.1.43
(FastEthernet2/0), len 56, sending

*Mar 1 00:10:20.670: IP: s=172.16.1.43 (FastEthernet2/0), d=172.16.1.43
(FastEthernet2/0), len 56, rcvd 3

*Mar 1 00:10:20.670: IP: s=172.16.1.43 (local), d=172.16.1.43
(FastEthernet2/0), len 28, sending

*Mar 1 00:10:20.674: IP: s=172.16.1.43 (FastEthernet2/0), d=172.16.1.43,
len 28, rcvd 0 * 0 msec


A5: Answer: The output shows the source and the destination address to be one and 
same. I suspect there was a duplicate IP issue.


6: Often trace is very much a complementary tool to ping. What is likely to be the issue witt 
following output that was captured during Trouble Ticket 4? 


swan#trace kentnarrows
Tracing the route to kentnarrows (172.16.1.45)
  1 duck (172.16.1.17) 4 msec 4 msec 4 msec
  2 heron (10.10.10.2) 16 msec 12 msec 16 msec
  3 crab (172.16.2.10) 16 msec 16 msec 16 msec
  4 swan (172.16.3.9) 12 msec 12 msec 12 msec
  5 duck (172.16.1.17) 8 msec 12 msec 12 msec
  6 heron (10.10.10.2) 20 msec 20 msec 20 msec
  7 crab (172.16.2.10) 20 msec 20 msec 20 msec
  8 swan (172.16.3.9) 16 msec 16 msec 20 msec
  9 duck (172.16.1.17) 16 msec 20 msec 16 msec
 10 heron (10.10.10.2) 24 msec 24 msec 28 msec
 11 crab (172.16.2.10) 28 msec 28 msec 28 msec
 12 swan (172.16.3.9) 24 msec 24 msec 24 msec
 13 duck (172.16.1.17) 24 msec 24 msec 20 msec
 14 heron (10.10.10.2) 32 msec 32 msec 32 msec
 15 crab (172.16.2.10) 32 msec 32 msec 32 msec
 16 swan (172.16.3.9) 28 msec 28 msec 28 msec


A6: Answer: When trace continues to list the same routers over and over, you can bi 
there is a loop somewhere. This particular issue dealt with the mutual redistribu 
and lack of filtering. Distribute lists, passive interfaces, and route maps are help 
eliminate these types of issues. 




Analyze the following issue that occurred during Trouble Ticket 4. 


osprey#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.2.45            202  0090.922a.7680  ARPA   Ethernet0/0
Internet  172.16.2.42              0  Incomplete      ARPA
Internet  172.16.2.41              -  0080.c7aa.c887  ARPA   Ethernet0/0


Answer: When the osprey router looked for 172.16.2.42, it did not find it. The MAC
address for 172.16.2.41, which was osprey e0/0 at the time, was manually
configured with the MAC address of hostb.


The swan (2520) and crab (2516) routers both have ISDN BRI ports. Are they S/T or U? 
Answer: The swan (2520) and crab (2516) routers both have ISDN S/T BRI ports.
They both connect into an NT1. When an external NT1 is used, the router ports <
S/T, which connect to the NT1, which connects via the U ports to an ISDN switch.
Alternatively in my scenario, the 804 could have been used for ISDN. It has U po
and would plug directly into the ISDN switch.

What tool enables you to send traps to a network management system? 


Answer: SNMP enables you to send traps to a network management system. You
configure communities, enable traps, and identify the SNMP server via IP addres:


What steps does Cisco recommend in supporting your internetwork? 


A10: Answer: Cisco recommends the following methodology for troubleshooting 
internetworks: 
• Define the problem.
• Gather the facts.
• Consider possibilities based on facts.
• Create an action plan.
• Implement the action plan.
• Observe the results.
• Document the solution.


Appendix B. Troubleshooting Resources 


This appendix contains useful information you may find helpful both in understanding how things 
work and in the troubleshooting process. The information here is intended to supplement the 
chapters in this book and give you more detail regarding the following topics: 

• Rebooting a Router
• Configuration Register Fields
• Password Recovery Procedures
• Software Upgrades


Rebooting a Router 


Supporting Cisco devices requires that you understand how the devices actually work (and boot, fo 
matter). At the CCNA and CCNP level, you have become very familiar with the different modes of o 
user mode, privileged mode, global configuration mode, interface mode, router configuration mode 
on. That is not enough. Depending on the device, different things occur at boot time. 


This section is not at all meant as a replacement for Cisco.com but instead is intended to give you j 
idea of what happens when you reboot a router. For troubleshooting purposes, for instance, you ne 
how to display boot parameters, know what configuration file and software image the device is loo 
upon startup, and know how to manually adjust this. 


Figure B-1 is taken directly from Cisco.com and gives you a flowchart approach as to what happen: 
boot a router. You can find this and more detailed boot information at 


www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_c/fcprt2/fcreboot.htm#xt


Figure B-1. Rebooting a Router 
Figure B-2 displays configuration register settings. Configuration register changes today are prima
software, whereas in older days you had to remove the cover and set hardware DIP switches. The |
(lowest and rightmost 4 bits of the 16-bit register) determines whether the router loads an operati
image, and if so, where it obtains the IOS or OS image as follows:

• 0x0— ROMMON
• 0x1— RxBoot (or bootflash memory on higher-end models)
• 0x2 to 0xF— Normal router boot. Looks at boot system commands in the startup configurati:
then the first file in Flash memory.


Figure B-2. Cisco Config-Register Fields 
You can force the router to stop booting and enter ROMMON mode, where you can set the configur.
register to boot the router manually. Assuming the Break key has not been turned off, you can issu 
sequence within the first 60 seconds from a console or telnet session. It is always good practice to 
exactly where the Break key is located on the PC you are using and to test the break sequence witt 
terminal emulator software you choose. 


View the configuration register with show version, confreg, or if in ROMMON use the o paramete 
config-register global command to change how the router boots. To schedule a reload of the syst
to occur at a later time to avoid interrupting operations immediately (within 24 hours), you can ust 
following methods: 


• reload in hh:mm [text]
• reload at hh:mm [month day | day month] [text]


NOTE 


The command reload at requires the system clock to be set. Issue a show reload to display
reload schedule. You can cancel with reload cancel. 


Configuration Register Fields 


Understanding the boot parameters is pretty important for support tasks such as enabling or
disabling the Break key, setting the baud rate, booting an alternative image, password recovery,
and upgrading the image software. Take a few minutes to review the configuration register bits
in Figure B-2. Use show version to see what your config-register is set to and look up the value
in Figure B-2.


The config-register Boot field determines how the router boots. ROMMON and RxBoot (bootflash)
are two different implementations of the IOS subset. Be aware, however, that not all models
have RxBoot to act as a boot helper. ROMMON performs a diagnostic check and either keeps the
device in ROMMON (> or rommon>) or loads RxBoot (router(boot)>). ROMMON only provides
you with one-letter commands. Boot helper mode keeps the device in rxboot or bootflash, where
it has host-mode functionality and checks the startup-config or loads the fully functional IOS
(router>).
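
The register values used in this appendix (0x2102 for normal operation, 0x2142 during password recovery) can be checked mechanically, which helps find a router left booting without its startup-config after a recovery. The Python below is an added example, not from the book; the bit 6 and bit 8 meanings follow Cisco's standard register layout rather than this page, and the show version lines are constructed.

```python
import re

# Constructed sample input: the final line of "show version" from four routers.
SHOW_VERSION_TAILS = {
    "r1": "Configuration register is 0x2102",
    "r2": "Configuration register is 0x2142",
    "r3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "r4": "Configuration register is 0x2100",
}

# Assumed bit positions (standard Cisco layout). The page itself only gives
# the boot field and the 0x2102 / 0x2142 values, which differ in bit 6.
IGNORE_NVRAM = 0x0040    # bit 6: startup-config is skipped at boot
BREAK_DISABLED = 0x0100  # bit 8: Break is ignored once the router has booted

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode_confreg(value):
    """Split a 16-bit configuration register into the fields discussed here."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & 0x000F  # lowest four bits select the boot source
    if boot_field == 0x0:
        boot_mode = "rommon"
    elif boot_field == 0x1:
        boot_mode = "rxboot"
    else:
        boot_mode = "normal"
    return {
        "boot_field": boot_field,
        "boot_mode": boot_mode,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit_confreg(show_version_text):
    """Return findings for the register in effect now and at the next reload."""
    match = CONFREG_RE.search(show_version_text)
    if match is None:
        return ["no-confreg-line"]
    current = decode_confreg(int(match.group(1), 16))
    # Without a "will be" clause the next reload uses the current value.
    pending = decode_confreg(int(match.group(2) or match.group(1), 16))
    findings = []
    if current["ignore_nvram"]:
        # The startup-config was not loaded at the last boot.
        findings.append("booted-without-startup-config")
    if pending["ignore_nvram"]:
        # The register was never changed back after the recovery.
        findings.append("next-boot-ignores-startup-config")
    if pending["boot_mode"] != "normal":
        findings.append("next-boot-mode-" + pending["boot_mode"])
    return findings


def audit_all(samples):
    """Audit every router in a {name: show-version text} mapping."""
    return {name: audit_confreg(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SHOW_VERSION_TAILS).items():
        print(name, findings or "ok")
```
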


Password Recovery Procedures 


Password recovery procedures are very well documented at Cisco.com, but I have included a step-
step procedure for the devices used throughout this book and more for your convenience. Ona pra 
note, the most common problem with password recovery on any device is issuing the correct break 
sequence from your particular terminal emulation software. See 
www.cisco.com/warp/public/701/61.html for a very informative table of break sequences for many 
terminal emulation programs. Other issues relate to understanding the modes of the device, the 
configuration register settings, the hardware/software particulars for the different devices, and mo 
importantly having console access. 


NOTE 


You can find detailed password recovery procedures at 
www.cisco.com/warp/public/474/index.shtml. 


Cisco 2500, 3000, 4000, 7000 Series Devices 


For such devices as the Cisco 2000, 2500, 3000, 4000, AccessPro, 7000 (RP), AGS, IGS, and STS-: 
platforms, the password recovery procedure is as follows: 


1. Establish a console session using the following settings: 


o Speed 9600 bits per second
o 8 data bits
o 0 parity bits
o 1 stop bit
o No flow control
2. Turn off the router, and then turn it back on using the power switch. 


3. Execute the break sequence (such as Ctrl+Break) within the first 60 seconds of startup to forc 
router into ROMMON mode. 


NOTE 


While practicing password recovery, you must be able to issue a break sequence for 

successful password recovery. It is critical you know how your terminal emulator issues a 
break. For example, HyperTerm and SecureCRT use the Ctrl+Break key sequence, where< 
ProComm and TeraTerm use Alt+B. Some versions of Windows NT have a problem sendin 


a break signal using older versions of HyperTerm; visit www.hilgraeve.com for upgrades. 
4. View the configuration register by typing the letter o at the > prompt. Usually the configurati 
register is 0x2102 or 0x102, but you should record the value so that you can change it back li 


5. Change the configuration register to ignore the startup-config (contents of NVRAM, nonvolatil 
random-access memory) and initialize the router by issuing the following commands: 


r1>o/r 0x2142
r1>i


6. The router should reboot and go into setup where it ignores the startup configuration all toge 
Press Ctrl+C to break out of setup. Go to enable mode using the enable command, but do no 
yet. 


NOTE 


It is best practice to copy your configuration to Notepad or another editor in case you wer 
to lose it. 
7. Type copy startup-config running-config or config memory. Do not type copy run start
write mem or you will lose your entire configuration. 


8. Now you can hack the password by viewing the running configuration with show running-co 
or write terminal. Unencrypted passwords can be re-used, whereas encrypted ones need to t
replaced. 


NOTE 


During a password recovery procedure, you may or may not be able to view your 
passwords in clear text. If the enable secret was configured, for instance, the only 
recovery is to configure a new value because the secret is stored as a one-way MD5 hash. If the enable password
was configured (and service password-encryption is off), however, password recovery 
merely a visual inspection of the existing password. Also note that all of your interfaces al 
shut down during the password recovery procedures. 

9. Make the necessary changes, including changing your passwords, changing the configuration 

register back to normal, bringing up your interfaces, and saving your configuration as follows 


r1#configure terminal
r1(config)#enable secret <password>
r1(config)#config-register 0x2102
r1(config)#interface ethernet 0
r1(config-if)#no shut
r1(config-if)#interface ethernet 1
r1(config-if)#no shut
r1(config-if)#interface serial 0
r1(config-if)#no shut
r1(config-if)#interface serial 1
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config


10. Verify that it works by reloading and testing the various passwords. It is possible that you ma 
have to hack more than one password, such as the enable secret, the enable password, th 
user-mode password (line con 0), the telnet password (line vty 0 4), or the auxiliary passw:
(line aux 0). 


11. For more information, Cisco has great documentation on password recovery 
www.cisco.com/warp/public/474/index.shtml. 


Cisco 1600, 1700, 2600, 3600, 4500, 4700, 5500, and 6000 IOS Series Devic 


For such devices as the Cisco 1600, 1700, 2600, 3600, 4500, 4700, 5500RSM, and 6x00 platforms 
password recovery procedure is as follows: 


1. Establish a console session using the following settings: 
o Speed 9600 bits per second 


o 8 data bits 


o 0 parity bits


o 1 stop bit 


o No flow control 
2. View the configuration register by typing show version if possible. Usually the configuration 
register is 0x2102 or 0x102, but you should record the value so that you can change it back |i 


3. Turn off the router, and then turn it back on using the power switch. 


4. Execute the break sequence (such as Ctrl+Break) within the first 60 seconds of startup to forc 
router into ROMMON mode. 


NOTE 


While practicing password recovery, you must be able to issue a break sequence for 
successful password recovery. It is critical you know how your terminal emulator issues a
break. HyperTerm and SecureCRT use the Ctrl+Break key sequence, for example, wherea 
ProComm and TeraTerm use Alt+B. Some versions of Windows NT have a problem sendin 
a break signal using older versions of HyperTerm; visit www.hilgraeve.com for upgrades. 
In the practical environment, you should maintain backup configurations as a routine to 
prepare for the unexpected. 

5. Change the configuration register to ignore the startup-config (contents of NVRAM) by typing 

confreg 0x2142 at the ROMMON prompt. 


NOTE 


On the Catalyst 6000 running native IOS after you power cycle the box, the switch
processor (SP) boots up first, and then after a short amount of time (about 25 seconds) it 
transfers console ownership to the route processor (RP or Multilayer Switch Feature Card 
[MSFC]). You must issue the break sequence just after the SP has given over control of th 
console to the RP; otherwise, you end up in ROMMON mode on the SP, which is not where 
you should be. Send the break after you see the following message on the console: 


00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor


Then the password recovery is the same as a router. 
6. Type reset so that the router reboots with the full IOS but ignores the startup configuration.


7. Be sure to answer no to all setup questions or just press Ctrl+C to break out of the setup afte
router reboots. Go to enable mode using the enable command, but do not exit yet. 


8. Type copy startup-config running-config or config memory. Do not type copy run start
write mem or you will lose your entire configuration. 


NOTE 


It is best practice to copy your configuration to Notepad or another editor in case you wer 
to lose it. 
9. Now you can hack the password by viewing the running configuration with show running-coa 


10. 


11. 


12. 


orwrite terminal. Unencrypted passwords can be re-used, whereas encrypted ones need to t 
replaced. 


NOTE 


During a password recovery procedure, you may or may not be able to view your 
passwords in clear text. If the enable secret was configured, for example, the only 
recovery is to configure a new value due to the MD5 encryption. If the enable password 
was configured (and service password- encryption is off), however, password recovery 
merely a visual inspection of the existing password. Also note that all of your interfaces al 
shut down during the password recovery procedures. 

Make the necessary changes, including changing your passwords, changing the configuration 

register back to normal, bringing up your interfaces, and saving your configuration. 


Verify that it works by reloading and testing the various passwords. It is possible that you ma 
have to hack more than one password, such as the enable secret, the enable password, th 
user mode (line con 0) password, the telnet password (line vty O 4), or the auxiliary (line < 
0) password. 


For more information, Cisco has great documentation on password recovery at 
www.cisco.com/warp/public/474/index.shtml 
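The NOTE in the procedure above separates passwords that can simply be read from the configuration during recovery from those that have to be replaced. The following Python audit is an added example, not code from the book: it classifies every credential line in a saved configuration so that readable ones can be found and changed before someone with console access finds them. The function names, the sample configuration, and its password and hash values are constructed for illustration, and standard IOS indentation of line sub-commands is assumed.

```python
import re

# Optional type digit, then the stored value:
#   0 or absent = clear text, 7 = service password-encryption, 5 = MD5 hash.
CRED_RE = re.compile(
    r"^(?P<kw>enable password|enable secret|password)\s+"
    r"(?:(?P<type>\d)\s+)?(?P<value>\S+)$"
)

EXPOSURE = {
    "0": "cleartext",   # visible to anyone who can display the configuration
    "7": "reversible",  # obfuscated only; treat it as readable
    "5": "hashed",      # one-way; recovery means configuring a new value
}

# Constructed sample, modelled on the kind of output the examples show.
SAMPLE_CONFIG = """\
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE00
enable password lab-enable
!
line con 0
 logging synchronous
 password 7 0000CONSTRUCTED
line aux 0
line vty 0 4
 password recoverme
 login
!
end
"""


def audit_passwords(config_text):
    """Return one finding per credential line: where it is and how exposed."""
    findings = []
    section = "global"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        # An unindented command starts a new section; only "line ..." sections
        # can own a bare "password" sub-command.
        if not raw[0].isspace():
            section = stripped if stripped.startswith("line ") else "global"
        match = CRED_RE.match(stripped)
        if match is None:
            continue
        if match["kw"] == "password" and section == "global":
            continue  # a bare "password" outside a line section is not a login password
        where = match["kw"] if section == "global" else section + " password"
        findings.append({
            "line": lineno,
            "where": where,
            "exposure": EXPOSURE.get(match["type"] or "0", "other"),
        })
    return findings


def readable_on_recovery(findings):
    """Credentials a person at the console could read back rather than replace."""
    return [f for f in findings if f["exposure"] in ("cleartext", "reversible")]


if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```

Anything returned by readable_on_recovery is a password that the recovery procedure exposes as-is, so it should be rotated and, where the platform allows, replaced with a hashed secret.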


Cisco 2900, 5000, and 6000 CatOS Series Devices 


For such devices as the Cisco 2900, 5000, and 6000 CatOS platforms, the password recovery procedure
is as follows:

1. Establish a console session using the following settings:

o Speed 9600 bits per second
o 8 data bits
o 0 parity bits
o 1 stop bit
o No flow control

2. Be sure to have all password data handy because you only have 30 seconds to enter the data once
you start. You can copy and paste your responses if that is faster.

3. Turn the device off, and then turn it back on using the power switch.

4. At the Catalyst console press the Enter key to enter a null password. You only have 30 seconds to
do so.

5. Type enable to enter enable mode. Once again, press the Enter key to enter a null password. This
is still part of the first 30 seconds.

6. Change the passwords using the following commands:

o set pass

Press the Enter key for the old password, and then type in what you want the new password
to be. Type the new password again when prompted to verify it.

o set enablepass

Press the Enter key for the old password, and then type in what you want the new password
to be. Type the new password again when prompted to verify it.

NOTE

Because time is of the essence, I recommend you use the shortened versions of set
password and set enablepass as listed in Steps 5 and 6. Keep in mind that you can put
in anything for the new passwords during the recovery process and then change them after
the fact. If you exceed the time limit, you must reboot the device and start over.

7. These devices automatically write their changes to NVRAM, so to test them out you can just return
to user mode and then try your new passwords.

8. For more information, Cisco has great documentation on password recovery at
www.cisco.com/warp/public/474/index.shtml.


Cisco 2900XL, 3500XL, 2950, and 3550 IOS Series Devices


For such devices as the Cisco 2900XL, 3500XL, 2950, and 3550 IOS platforms, the password recovery
procedure is as follows:

1. Establish a console session using the following settings:

o Speed 9600 bits per second
o 8 data bits
o 0 parity bits
o 1 stop bit
o No flow control

2. Unplug the power cable from the back of the switch. Press and hold the mode button on the left
side of the front panel while reconnecting the power cable.

3. Release the mode button a couple of seconds after the LED above the first port on the switch is no
longer illuminated. You should get a message about the system being interrupted prior to the Flash
file system initializing. (With a 1900 switch, the steps are similar up to this point.)

NOTE

If you feel like you are hugging your equipment rack with one hand on the power cord and
the other on the mode button, chances are you are performing this operation correctly. If
you had previously enabled boot enable-break on the switch, however, it will respond to
a break like a router.

4. Type flash_init to reset the console speed to 9600.

5. Type load_helper.

6. List the files in Flash memory by typing dir flash:. The default configuration is config.text. Type
more flash:config.text to view the configuration. If your passwords are not encrypted, you can
enter them as normal and you are done. If they are encrypted, continue to the next step.

7. Rename the configuration file using the following syntax: rename flash:config.text
flash:config.old.

8. Now boot the system with the boot command.

9. Answer n for no to start the setup and continue the configuration. Go to enable mode using the
enable command, but do not exit yet.

10. Rename the configuration file back to what it was originally: rename flash:config.old
flash:config.text.

11. Copy the configuration file to memory with config mem or copy flash:config.text
system:running-config. Accept config.text as the source and running-config as the destination
filenames.

12. Change your passwords as appropriate using the global configuration commands such as enable
password newpassword or enable secret newpassword.

13. Save your configuration using write memory or copy running-config startup-config.

14. For more information, Cisco has great documentation on password recovery at
www.cisco.com/warp/public/474/index.shtml.


As you can see, password recovery takes some coordination for it to work properly, especially for you
not to lose your existing configuration. I compiled the basic steps for the most common Cisco router and
switch devices into Table B-1. Download this from the website for this book and keep it with all your
other documentation.


Table B-1. Donna's Password Recovery Guidelines

2000, 2500, 3000, 4000, 7000

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control.
2. Power cycle and press Break key* within first 60 seconds.
3. Observe and record config-register. Normally 0x2102.
   >o
4. Change config-register to ignore startup-config (NVRAM).
   >o/r 0x2142
   Then initialize with >i
5. Press Ctrl+C to break out of setup mode.
6. From enable mode, type copy start run but do not exit. (Old command is config mem.)
7. Restore the config-register and bring up all interfaces.
   r1(config)#config-reg 0x2102
   r1(config)#int s0
   r1(config-if)#no shut
8. Record or change the passwords.
   r1#sh run (or sh config)
   r1#config t
   r1(config)#enable pass donna
   r1(config)#enable secret harrington
   r1(config)#line vty 0 4
   r1(config-line)#pass donna
   r1(config-line)#end
9. Save the configuration and reload.
   r1#copy run start (or wr mem)
   r1#reload
   r1#sh version

1600, 1700, 2600, 3600, 4500, 4700, 5500, 6000, 7500

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control.
2. Power cycle and press Break key* within first 60 seconds.
3. Observe and record config-register. Normally 0x2102.
   rommon1>confreg
4. Change config register to ignore startup-config (NVRAM).
   >confreg 0x2142
   >reset
5. Follow Steps 5-9 for the 2000, 2500, 3000, 4000, and 7000 above.

CatOS 2900, 5000, 6000 Switches

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control.
2. Power cycle. Within first 30 seconds press Enter for user password, get to enable mode, and also
   press Enter for enable password.
3. Change the passwords as usual with set pass and set enablepass.
4. Since these devices write their changes automatically you should only need to test your passwords.

2900XL, 3500XL, 2950, 3550 Switches

1. Establish console session.
   9600b, 8d, 0p, 1s, no flow control.
   (If you had previously enabled boot enable-break, the device would respond like a router and
   you could follow the procedures from there.)
2. Unplug the power cable from back of switch. Reconnect while you hold the front panel mode
   button. Release the mode button a couple of seconds after the first port on the switch is no
   longer illuminated. You should see a message about the system being interrupted prior to the
   Flash memory file system initializing.
3. Type flash_init and then type load_helper. You can list the files in flash with dir flash:,
   and the default configuration is config.text.
4. Type more flash:config.text to view the passwords. If not encrypted, you are done. If
   encrypted, go to Step 5.
5. Rename the configuration file as follows:
   rename flash:config.text flash:config.old
6. Boot the system with the boot command. Answer n for no to start setup. Go to enable mode by
   typing enable, but do not exit.
7. Rename the configuration file to its original name as follows:
   rename flash:config.old flash:config.text
8. Copy the configuration file to memory with the config mem or copy flash:config.text
   system:running-config command. Accept config.text as the source and running-config as the
   destination filenames.
9. Change the passwords.
   enable password donna
   enable secret harrington
10. Save your configurations.
   copy run start (or wr mem)


Use my password recovery guidelines to get comfortable with performing this procedure on your lab
devices now. It is best to have done this a few times at leisure instead of when you are under time
constraints. Examples B-1 through B-4 illustrate four of my devices.


Sample Password Recovery on a 2520 Router 


Example B-1. Password Recovery on a 2520 


!!!console to r6 via terminal server
!!!power cycle and press Ctrl+Break
r6#System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright 1986-1996 by cisco Systems
2500 processor with 6144 Kbytes of main memory
Abort at 0x11195C6 (PC)
!!!this is rommon mode
>?
$ Toggle cache state
B [filename] [TFTP Server IP address TFTP Server Name]
Load and execute system image from ROM or from TFTP server
C [address] Continue execution [optional address]
D/SMLV Deposit value V of size S into location L with modifier M
E/SML Examine location L with size S with modifier M
G [address] Begin execution
H Help for commands
I Initialize
K Stack trace
L [filename] [TFTP Server IP address TFTP Server Name]
Load system image from ROM or from TFTP server, but do not
begin execution
O Show configuration register option settings
P Set the break point
S Single step next instruction
T function Test device (? for help)
Deposit and Examine sizes may be B (byte), L (long) or S (short).
Modifiers may be R (register) or S (byte swap).
Register names are: D0-D7, A0-A6, SS, US, SR, and PC
>o
Configuration register = 0x2102 at last boot
Bit# Configuration register option settings:
15 Diagnostic mode disabled
14 IP broadcasts do not have network numbers
13 Boot default ROM software if network boot fails
12-11 Console speed is 9600 baud
10 IP broadcasts with ones
08 Break disabled
07 OEM disabled
06 Ignore configuration disabled
03-00 Boot file is cisco2-2500 (or 'boot system' command)
>o/r 0x2142
>i
System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright 1986-1996 by cisco Systems
2500 processor with 6144 Kbytes of main memory
F3: 10001304+224024+561968 at 0x3000060
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L),
Version 12.0(9), RELEASE SOFTWARE (fc1)
!!!this is setup mode, press Ctrl+Break to get out of it
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Press RETURN to get started!
!!!note that all interfaces are down
00:01:07: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down
00:01:07: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
00:01:07: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
00:01:07: %LINK-5-CHANGED: Interface Serial1, changed state to administratively down
00:01:07: %LINK-5-CHANGED: Interface Serial2, changed state to administratively down
Router>en
Router#!!!this is a router out of the box config
Router#copy start run
Destination filename [running-config]?
1818 bytes copied in 11.320 secs (165 bytes/sec)
r6#!!!do not exit or you will lose your config and have to start over
r6#conf t
r6(config)#config-register 0x2102
r6(config)#int s0
r6(config-if)#no sh
r6(config-if)#int s1
r6(config-if)#no sh
r6(config-if)#int e0
r6(config-if)#no sh
r6(config-if)#end
r6#clock set 8:28:00 Dec 29 2002
!!!view the passwords
r6#sh run
enable secret 5 $1$YfpO$nxSLFSgyqcUzwObhDyCfVv0
line con 0
logging synchronous
transport input none
line aux 0
line vty 0 4
password recoverme
login
end
r6#conf t
r6(config)#enable secret donna
r6(config)#line vty 0 4
r6(config-line)#pass donna
r6(config-line)#end
r6#copy running-config startup-config
r6#sh ver
Configuration register is 0x2142 (will be 0x2102 at next reload)
r6#reload
Proceed with reload? [confirm]
Press RETURN to get started!
r6>sh ver
Configuration register is 0x2102
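The recovery above hinges on a single bit of the configuration register, and a device left at 0x2142 boots with no passwords at all. The following Python check is an added example, not code from the book: it decodes a register value into the settings that the ROM monitor o command lists in Example B-1 and flags show version output whose next-boot value is unsafe. The function names and the sample lines are constructed; the baud index follows the numbering of the ROMMON confreg menu (bit 5, bit 12, bit 11).

```python
import re

# Console speed index = bit5<<2 | bit12<<1 | bit11, the same numbering the
# ROMMON "confreg" dialog uses for its baud-rate menu.
BAUD_BY_INDEX = {0: 9600, 1: 4800, 2: 1200, 3: 2400,
                 4: 19200, 5: 38400, 6: 57600, 7: 115200}

# Boot field (bits 3-0) values that do not load the normal image.
SPECIAL_BOOT = {0: "stays in ROM monitor",
                1: "loads the boot helper (RxBoot/bootflash)"}

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Decode the register bits shown by the ROM monitor 'o' command."""
    def bit(n):
        return (value >> n) & 1
    return {
        "boot_field": value & 0xF,
        "ignore_startup_config": bool(bit(6)),  # 0x0040, set by 0x2142
        "break_disabled": bool(bit(8)),         # 0x0100, set in 0x2102
        "console_baud": BAUD_BY_INDEX[(bit(5) << 2) | (bit(12) << 1) | bit(11)],
    }


def audit_show_version(text):
    """Return findings about the register value that applies at next reload."""
    match = CONFREG_RE.search(text)
    if match is None:
        return ["no configuration register line found"]
    # If a pending value is shown, that is what the next boot will use.
    next_boot = int(match.group(2) or match.group(1), 16)
    settings = decode_confreg(next_boot)
    findings = []
    if settings["ignore_startup_config"]:
        findings.append(f"{next_boot:#06x}: next boot ignores startup-config, "
                        "so no passwords are loaded")
    if settings["boot_field"] in SPECIAL_BOOT:
        findings.append(f"{next_boot:#06x}: next boot "
                        + SPECIAL_BOOT[settings["boot_field"]])
    if not settings["break_disabled"]:
        findings.append(f"{next_boot:#06x}: Break stays enabled after boot")
    if settings["console_baud"] != 9600:
        findings.append(f"{next_boot:#06x}: console speed is "
                        f"{settings['console_baud']}, not 9600")
    return findings


# Constructed sample lines in the format the examples in this appendix show.
SAMPLES = {
    "r6-before-reload": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "forgotten-restore": "Configuration register is 0x2142",
    "left-in-rxboot": "Configuration register is 0x2101",
}

if __name__ == "__main__":
    for host, line in SAMPLES.items():
        print(host, audit_show_version(line) or "ok")
```

Run against collected show version output, an empty result means the device will boot its normal image and load its startup configuration.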


Sample Password Recovery on a 3620 Router 


Example B-2. Password Recovery on a 3620 


r3#!!!console to r3 via terminal server
r3#!!!power cycle and press Ctrl+Break
r3#System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
PC = 0xbfc0a024, Cause = 0x2000, Status Reg = 0x3041f003
C3600 processor with 49152 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
PC = 0xbfc0a024, Cause = 0x2000, Status Reg = 0x3041f003
monitor: command "boot" aborted due to user interrupt
rommon 1 > !!!this is rommon mode
rommon 2 > confreg
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C3600
do you wish to change the configuration? y/n  [n]:
rommon 3 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 4 > reset
System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
C3600 processor with 49152 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
program load complete, entry point: 0x80008000, size: 0x678bd4
Self decompressing the image
################################################################
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Press RETURN to get started!
00:00:10: %LINK-3-UPDOWN: Interface Serial1/0, changed state to down
00:00:10: %LINK-3-UPDOWN: Interface Serial1/1, changed state to down
00:00:10: %LINK-3-UPDOWN: Interface Serial1/2, changed state to down
Router>!!!this is router out of the box config
Router>!!!all interfaces are shutdown
Router>!!!I used Ctrl+C to quit out of setup mode
Router>en
Router#copy start run
Destination filename [running-config]?
2260 bytes copied in 1.76 secs (2260 bytes/sec)
r3#conf t
r3(config)#config-reg 0x2102
r3(config)#int s0/1
r3(config-if)#no sh
r3(config-if)#int s0/2
r3(config-if)#no sh
r3(config-if)#end
r3#sh run
Building configuration...
enable secret 5 $1$cVmoS$6uFnZdD1O5TttrZRO06w. 9/
line con 0
logging synchronous
transport input none
line aux 0
line vty 0 4
password donna
login
end
r3#conf t
r3(config)#enable secret donna
r3(config)#end
r3#copy running-config startup-config
r3#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.0(13), RELEASE SOFTWARE (fc1)
Configuration register is 0x2142 (will be 0x2102 at next reload)
r3#reload
Proceed with reload? [confirm]
r3>sh ver
Configuration register is 0x2102


Sample Password Recovery on a 2901 CatOS Switch 


Example B-3. Password Recovery on a 2901 CatOS Switch 


chesapeakebay>en 

Enter password: 

Sorry 

chesapeakebay>!!!power cycle 

chesapeakebay>!!!quickly press Enter for passwords to null them out 


chesapeakebay>!!!the diagnostic tests have been eliminated here 


Uncompressing NMP image. This will take a minute... 
Cisco Systems Console 

Enter password: 

chesapeakebay>en 

Enter password: 

chesapeakebay> (enable) set pass donna 
Usage: set password 

chesapeakebay> (enable) set pass 

Enter old password: 

Enter new password: donna 

Retype new password: donna 

Password changed. 

chesapeakebay> (enable) set enablepass 


Enter old password: 


Enter new password: harrington 
Retype new password: harrington 


Password changed. 


Sample Password Recovery on a 3512XL IOS Switch 


Example B-4. Password Recovery on a 3512XL IOS Switch

Password:
% Bad secrets
kentnarrows>!!!unplug power cable
kentnarrows>!!!reconnect while holding mode button on front panel
kentnarrows>!!!release mode button after first port no longer lit
kentnarrows>C3500XL Boot Loader (C3500-HBOOT-M) Version 11.2(8.1)SA6, MAINTENANCE INTERIM SOFTWARE
Compiled Fri 14-May-99 17:59 by jchristy
Starting...
Base ethernet MAC Address: 00:d0:79:68:84:80
Xmodem file system is available.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch: flash_init
Initializing Flash...
flashfs[0]: 221 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2070016
flashfs[0]: Bytes available: 1542656
flashfs[0]: flashfs fsck took 3 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch: load_helper
switch: dir flash:
Directory of flash:/
2 drwx 13888 <date> html
i) -rwx 1273530 <date> c3500XL-c3h2s-mz-112.8.2-SA6.bin
6 -rwx 82475 <date> c3500XL-hdiag-mz_8_1.SA6
224 -rwx 342 <date> env_vars
225 -rwx 796 <date> vlan.dat
226 -rwx 2069 <date> config.text
1542656 bytes available (2070016 bytes used)
switch: more flash:config.text
!!!look for passwords
enable secret 5 S1SWC9ASKi5sCa.zi30QtXBGEfU6D/
line con 0
stopbits 1
line vty 0 4
password broadcreek
login
line vty 5 15
login
switch: rename flash:config.text flash:config.old
switch: boot
Loading "flash:c3500XL-c3h2s-mz-112.8.2-SA6.bin"...
################################################################
Initializing C3500XL flash...
!!!the diagnostic tests have been eliminated here
Last reset from power-on
Press RETURN to get started!
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes/no]:
%SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 11.2(8.2)SA6, MAINTENANCE INTERIM SOFTWARE
Copyright 1986-1999 by cisco Systems, Inc.
Compiled Wed 23-Jun-99 18:32 by boba
C3500XL INIT: Complete
% Please answer 'yes' or 'no'.
Continue with configuration dialog? [yes/no]:n
Press RETURN to get started.
Switch>en
Switch#rename flash:config.old config.text
Source filename [config.old]?
%Error parsing config.text (No such device)
Switch#rename flash:config.old flash:config.text
Source filename [config.old]?
Destination filename [config.text]?
Switch#copy flash:config.text system:running-config
Source filename [config.text]?
Destination filename [running-config]?
2069 bytes copied in 0.574 secs
kentnarrows#conf t
kentnarrows(config)#enable pass donna
kentnarrows(config)#enable secret harrington
kentnarrows(config)#end
kentnarrows#copy run start


Just as you should familiarize yourself with password recovery procedures for your devices, you also
must do the same for upgrading the operating system software. The next section provides some
guidelines.


Software Upgrades 


Throughout the book I have given many references to assist you with upgrading your Cisco softwal
available in the release you have, to fix a current bug, to improve performance or security issues s' 
vulnerabilities, or to meet your own in-house standards. Ultimately, consistency makes troubleshoc 
rule. 

Chapter 4, "Shooting Trouble with Novell IPX," should perhaps have been called "Shooting Trouble
available using the software image installed on the routers in my lab. I used different methods to t
Cisco) and FTP (3CDaemon) programs as well as setting up a router as a TFTP Server to serve the
the configuration register stuff is kind of in the background. It is important to be familiar with diffe
tools at hand. Most people can make use of a TFTP server, for example; if your images are larger t
alternative methods such as FTP. If you skipped Chapter 4 because it had IPX in the title, perhaps '
experiment first hand. 


Follow along with the general procedures for upgrading your image software using a router as a TF 
FTP software. 


For specific software installation and upgrade procedures, go to Cisco.com. The following URLs are 


• www.cisco.com/warp/customer/130/upgrade_index.shtml
• www.cisco.com/kobayashi/sw-center/


If you need assistance with downloading the file from Cisco.com, see www.cisco.com/public/sw-cel 
However, you need the appropriate maintenance contract, partner agreement, or special file acces: 


Serving an Image from a Router Configured as a TFTP Server 


The software installation and upgrade procedures for Run From Flash devices such as 1600, 2000, 


1. Set up a TFTP server and specify the directory where files are stored. Examples include Pump
can serve the IOS image from a router configured as a TFTP server as follows:

r1(config)#tftp-server flash:c2500-js-1.120-21a.bin
r1(config)#interface ethernet 1
r1(config-if)#ip address 192.168.5.33 255.255.255.240
r1(config-if)#no shut
r1(config-if)#end
r1#copy running-config startup-config


2. Verify RAM, Flash memory, and feature set requirements. Copy the appropriate IOS image to

3. Establish a console (preferred) or telnet session to the router using the following settings:

o Speed 9600 bits per second
o 8 data bits
o 0 parity bits
o 1 stop bit
o No flow control

4. Use show version to check the configuration register setting. Typically it is 0x2102, but you s

5. Add the appropriate IP information, such as IP address, subnet mask, and default gateway if
simple ping. It is a good practice to copy your existing configuration files to the TFTP using cc


NOTE 


You may need to partition Flash memory if the file is larger than one partition. If the file i: 
modules; you can issue the partition flash 1 command to partition the Flash. 
6. Change the router to RxBoot (bootflash) mode by setting the configuration register to the vali 


Router(config)#config-register 0x2101
Router(config)#end
Router#copy running-config startup-config
Router#reload


NOTE 


Setting the configuration register to 0x2101 puts the router in RxBoot (bootflash) mode a 


Router(boot)#


To avoid overwriting your configuration, do not save any commands while in this mode. | 
after the reload. You need to wait a few minutes and try again. If, when connected to the 
rommon> prompt, your router is in ROMMON mode. If this happens, consult Cisco.com's 
you will put that to practice if you follow along. 

7. Restore the configuration register back to the original setting, or 0x2102 if you are not sure w 


r1(boot)(config)#config-register 0x2102

8. Copy the new Cisco IOS Software image from the TFTP server to the router, as follows:

Router(boot)#copy tftp flash


NOTE 


When prompted, enter the IP address of the TFTP server, the source IOS filename, and th
the IOS filename as is when you download it so that you can always look up the feature s:
may need to erase Flash memory before writing the new image. Each exclamation point (
transferred. A checksum verification of the image occurs after the image is written to Flas

when the software upgrade is complete.
9. Verify the IOS upgrade and reload if necessary without saving the configuration. A good indic
and it says "router will be 0x2102 at next reload." Make sure that you are back to the normal

Example B-5 displays a sample 2514 upgrade output. 


Example B-5. Upgrading the IOS on a 2514 (Run from Flash Device)

r1(config)#config-register 0x2101
r1(config)#end
r1#reload
Proceed with reload? [confirm]
00:18:07: %SYS-5-RELOAD: Reload requested
r1(boot)#copy tftp flash
System flash directory:
File Length Name/status
1 5726508 c2500-i-1.120-9
[5726572 bytes used, 11050644 available, 16777216 total]
Address or name of remote host [255.255.255.255]? 192.168.5.18
Source file name? c2500-js-1.120-21a.bin
Destination file name [c2500-js-1.120-21a.bin]?
Accessing file "c2500-js-1.120-21a.bin" on 192.168.5.18...
Loading c2500-js-1.120-21a.bin from 192.168.5.18 (via Ethernet0): !
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy 'c2500-js-1.120-21a.bin' from server
as 'c2500-js-1.120-21a.bin' into Flash WITH erase? [yes/no]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Loading c2500-js-1.120-21a.bin from 192.168.5.18 (via Ethernet0):
[OK - 10253564/16777216 bytes]
Verifying checksum... OK (0xFA32)
Flash copy took 0:05:55 [hh:mm:ss]
r1(boot)#show flash
System flash directory:
File Length Name/status
1 10253564 c2500-js-1.120-21a.bin
[10253628 bytes used, 6523588 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)
r1(boot)#configure terminal
r1(boot)(config)#config-register 0x2102
r1(boot)(config)#end
r1(boot)#reload
System configuration has been modified. Save? [yes/no]:n
Proceed with reload? [confirm]


Upgrading Software Images with TFTP Programs and Flash Cards, Includ 


Follow the same concepts as in the preceding section to upgrade software images using a PC- base
server. Learn the specifics of the application you choose to use, such as PumpKin, 3CDaemon, Cisc
the right directory location and make sure the TFTP application is up and running. Verify that your
properly on your TFTP server and the router/switch device. Perform the upgrade as in the following


Example B-6 uses a PC Card (PCMCIA) in slot 1 to perform this upgrade. Some devices have extra
that the Flash memory on the card is partitioned and formatted for the appropriate device. This ex
accidentally upgrade to an IOS that your physical RAM does not support.


Example B-6. Viewing the Flash on the 3620 


r4#show slot1:
PCMCIA Slot1 flash directory:
File Length Name/status
1 13459880 c3620-is-mz.122-8.T.bin
2 893 startup-config [deleted]
3 6945008 c3620-io3-mz.122-8.T4.bin
[20405976 bytes used, 565544 available, 20971520 total]
20480K bytes of processor board PCMCIA Slot1 flash (Read/Write)
r4#show flash
System flash directory:
File Length Name/status
1 3971288 c3620-d-mz.113-9.T
[3971352 bytes used, 12805864 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)


Slot1: is among the many different types of Flash available. Others include slot0:, flash:, bootflash
show flash [all] command to determine the type and status for your particular device. Alternative 
dir slot0: or dir slot1: commands to check their contents. If the Flash is read-only, you can't writ 
run-from-Flash device such as the 2500 series routers, you must drop back to RxBoot mode by set 
don't have RxBoot mode as a boot helper may have a bootflash: mode instead. If not, you can still 
they are much more time-consuming. 


NOTE 


There are many variances with equipment and flash types. For example, the flash card may hi 
you can erase a file using the delete command. However, in many cases you must then issue 
taken up by the deleted file. Research your specific requirements using your CCO account on ¢ 


I have physical connectivity (via a crossover cable) between my PC (hosta) that I am using as a TF
Alternatively, you must configure your IP settings, including the default gateway, to ensure IP com
advantages of using PC Cards for slot0: or slot1: because you can easily transfer the image to the
need to first get the image to the PC Card, in which a TFTP/FTP server and IP can be quite helpful.
images include the boot system commands. For example, you can test an image by booting to an i
upgrade. These boot system commands are read first with the configuration register set to the defi
configuration (NVRAM). An example of a boot system command is as follows:


boot system flash slot1:c3620-is-mz.122-8.T.bin 


NOTE 


Always analyze your existing configuration for existing boot system commands. Without them 
boot system commands to load a more up-to-date larger operating system from either a tftp < 
flash memory available. If there are multiple boot system commands they are read in order. Y 
can type no in front of each one to delete them individually. Remember to save your running- 


boot system commands. 


I configured my e0 interface as 10.1.1.1 255.255.255.0 and hosta (the TFTP server) as 10.1.1.2 2!
up the 3CDaemon TFTP server on hosta. As a precaution, I copied my existing configuration and th


Example B-7. Backing Up the Configuration and Software Image 


r4#copy run tftp
Remote host []? 10.1.1.2
Name of configuration file to write [r4-confg]?
Write file r4-confg on host 10.1.1.2? [confirm]
Building configuration...
Writing r4-confg .!! [OK]
r4#copy flash tftp
System flash directory:
File Length Name/status
1 3971288 c3620-d-mz.113-9.T
[3971352 bytes used, 12805864 available, 16777216 total]
Address or name of remote host [255.255.255.255]? 10.1.1.2
Source file name? c3620-d-mz.113-9.T
Destination file name [c3620-d-mz.113-9.T]?
Verifying checksum for 'c3620-d-mz.113-9.T' (file # 1)... OK
Copy 'c3620-d-mz.113-9.T' from Flash to server
as 'c3620-d-mz.113-9.T'? [yes/no]y
Upload to server done
Flash device copy took 00:00:23 [hh:mm:ss]


Now review the files that were previously copied to the Flash card and upgrade the internal Flash t 
and paste the filename rather than type it. 


Example B-8. Upgrading the Internal Flash from Slot1:

r4#sh slot1:
PCMCIA Slot1 flash directory:
File Length Name/status
1 13459880 c3620-is-mz.122-8.T.bin
2 893 startup-config [deleted]
3 6945008 c3620-io3-mz.122-8.T4.bin
[20405976 bytes used, 565544 available, 20971520 total]
20480K bytes of processor board PCMCIA Slot1 flash (Read/Write)
r4#copy slot1:c3620-is-mz.122-8.T.bin flash:
System flash directory:
File Length Name/status
1 3971288 c3620-d-mz.113-9.T
[3971352 bytes used, 12805864 available, 16777216 total]
Destination file name [c3620-is-mz.122-8.T.bin]?
Verifying checksum for 'c3620-is-mz.122-8.T.bin' (file # 1)... OK
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy 'c3620-is-mz.122-8.T.bin' from slot1: device
as 'c3620-is-mz.122-8.T.bin' into flash: device WITH erase? [yes/no]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
[OK - 13459880/16777216 bytes]
Flash device copy took 00:02:16 [hh:mm:ss]
Verifying checksum... OK (0x7A7B)
r4#reload
Proceed with reload? [confirm]
System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
C3600 processor with 32768 Kbytes of main memory
Main memory is configured to 32 bit mode with parity disabled
program load complete, entry point: 0x80008000, size: 0xcd608c
Error : memory requirements exceed available memory
Memory required : 0x02193BAC
*** System received a Software forced crash ***
signal= 0x17, code= 0x4, context= 0x0
PC = 0x800080d4, Cause = 0x20, Status Reg = 0x3041f003


Although you followed the correct procedures for copying a file from slot1: to the internal Flash, yo 
verify you have enough RAM and Flash memory available for the image in which you want to upgré 


experience Xmodem first hand, because that is how to recover. First, go back to Cisco.com and do\ 
and the RAM and Flash that you have. In my lab, IP and IPX are required, so I downloaded the apr 
you break out of the repeating error message and end up in ROM monitor mode. Although not reat 
console speed using confreg on the router and the terminal settings on the terminal emulator proc 
mismatch. 
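
The pre-flight check this paragraph calls for, as an added Python example that is not from the book: it parses the Flash directory summary and the bootstrap error shown in Example B-8 and reports that the 12.2(8)T image fits in internal Flash only after an erase and needs more RAM than r4 has. The function names and the 64-byte per-file header (inferred from the used-bytes arithmetic in Example B-8) are assumptions of this example.

```python
import re

# Assumption: per-file header size, inferred from Example B-8
# (3971352 bytes used - 3971288 file length = 64).
FILE_HEADER = 64

# Sample input: lines taken from Example B-8 (source card, target Flash, bootstrap).
SLOT1_DIR = """\
File  Length    Name/status
  1   13459880  c3620-is-mz.122-8.T.bin
  2   893       startup-config [deleted]
  3   6945008   c3620-io3-mz.122-8.T4.bin
[20405976 bytes used, 565544 available, 20971520 total]
"""
FLASH_SUMMARY = "[3971352 bytes used, 12805864 available, 16777216 total]"
BOOT_LOG = """\
C3600 processor with 32768 Kbytes of main memory
Error : memory requirements exceed available memory
Memory required : 0x02193BAC
"""


def parse_directory(text):
    """Return one dict per file row of a flash directory listing."""
    pattern = r"^[ \t]*\d+[ \t]+(\d+)[ \t]+(\S+)([ \t]+\[deleted\])?[ \t]*$"
    return [
        {"length": int(m.group(1)), "name": m.group(2), "deleted": bool(m.group(3))}
        for m in re.finditer(pattern, text, re.M)
    ]


def parse_summary(text):
    """Extract used/available/total bytes from the bracketed summary line."""
    m = re.search(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]", text)
    if not m:
        raise ValueError("no flash summary line found")
    used, available, total = map(int, m.groups())
    return {"used": used, "available": available, "total": total}


def image_length(directory_text, name):
    """Length of a non-deleted file in the listing."""
    for row in parse_directory(directory_text):
        if row["name"] == name and not row["deleted"]:
            return row["length"]
    raise KeyError(name)


def flash_plan(length, summary):
    """Decide whether the image fits as is, only after an erase, or not at all."""
    needed = length + FILE_HEADER
    if needed <= summary["available"]:
        return "fits"
    if needed <= summary["total"]:
        return "erase-required"
    return "too-large"


def ram_check(boot_log):
    """Compare the bootstrap's 'Memory required' value with installed main memory."""
    installed = int(re.search(r"with (\d+) Kbytes of main memory", boot_log).group(1)) * 1024
    required = int(re.search(r"Memory required\s*:\s*(0x[0-9A-Fa-f]+)", boot_log).group(1), 16)
    return {"required": required, "installed": installed,
            "shortfall": max(0, required - installed)}


if __name__ == "__main__":
    size = image_length(SLOT1_DIR, "c3620-is-mz.122-8.T.bin")
    print("flash:", flash_plan(size, parse_summary(FLASH_SUMMARY)))
    print("ram:", ram_check(BOOT_LOG))
```

The RAM figure is only printed by the bootstrap after a failed load, so before an upgrade the required value has to come from the image's published requirements and be compared the same way.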


Example B-9. Changing the Console Speed on the Router 


confreg 
Configuration Summary 
enabled are: 
load rom after netboot fails 
console baud: 9600 
boot: image specified by the boot system commands 
or default to: cisco2-C3600 

do you wish to change the configuration? y/n [n]: y 
enable "diagnostic mode"? y/n [n]: n 
enable "use net in IP bcast address"? y/n [n]: n 
disable "load rom after netboot fails"? y/n [n]: n 
enable "use all zero broadcast"? y/n [n]: n 
enable "break/abort has effect"? y/n [n]: n 
enable "ignore system config info"? y/n [n]: n 
change console baud rate? y/n [n]: y 
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400 
4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]:7 
change the boot characteristics? y/n [n]: n 

Configuration Summary 
enabled are: 
load rom after netboot fails 
console baud: 115200 
boot: image specified by the boot system commands 
or default to: cisco2-C3600 

do you wish to change the configuration? y/n [n]: n 
You must reset or power cycle for new config to take effect 

rommon 2 >reset 


Continue the Xmodem download in Example B-10. 


Example B-10. Using Xmodem on the 3620 to Download an Image from t 


rommon 13 > xmodem -c c3620-d-mz.121-18.bin 
Do not start the sending program yet... 
File size Checksum File name 
10506692 bytes (0xa051c4) 0x2b5d c3620-js-mz.121-17 
WARNING: All existing data in flash will be lost! 


Invoke this application only for disaster recovery. 


Do you wish to continue? y/n [n]: y 


Ready to receive file c3620-d-mz.121-18.bin 


Now that the Xmodem procedures are initialized on the router, do the same through the terminal e 
Hyperterm, as illustrated in Figure B-3. 


Figure B-3. Starting Xmodem on Hy; 


[Figure B-3 screenshot: HyperTerm window showing the rommon xmodem prompt from Example B-10 and the Xmodem file send dialog.] 


Select Transfer > Send from the HyperTerm menu. Specify the image name and location and start t 
erasing Flash at various memory locations, programming Flash at various memory locations. Wher 


Download Complete! 

program load complete, entry point: 0x80008000, size: 0x587050 

Self decompressing the image : 

################################################################ [OK] 


The router should then boot up as normal. You can use the config-register command to set the re 
the download). Reload and then test things as in Example B-11. Copy the new image from Flash to 
ensure your boot code is current. This may require a software upgrade similar to the preceding exe 


Example B-11. Verifying the Xmodem Download 


r4#dir flash: 
Directory of flash:/ 
1 -rw- 5796204 <no date> c3620-d-mz.121-18.bin 
16777216 bytes total (10980948 bytes free) 
r4#copy flash slot1: 
Source filename [c3620-d-mz.121-18.bin]? 
Destination filename [c3620-d-mz.121-18.bin]? 
Erase slot1: before copying? [confirm] 
Erasing the slot1 filesystem will remove all files! Continue? [confirm] 
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...er 
Erase of slot1: complete 
Copy in progress... CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC 
Verifying checksum... OK (0xF693) 
5796204 bytes copied in 87.200 secs (66623 bytes/sec) 

r4#sh slot1: 


PCMCIA Slot0O flash directory: 
File Length Name/status 
1 5796204 c3620-d-mz.121-18.bin [invalid checksum] 
2 5796204 c3620-d-mz.121-18.bin 
[11592536 bytes used, 9378984 available, 20971520 total] 
20480K bytes of processor board PCMCIA Slot0O flash (Read/Write) 


r4#copy run start 


NOTE 


Refer to www.cisco.com/warp/public/130/xmodem_generic.html for detailed instructions on X 


Working with Modular Devices 


Now that you are comfortable with upgrading the software on fixed devices, examine how to do the 
supervisor line card, router, and other modules. 


Downloading Supervisor Engine Images Using TFTP 


Downloading to a modular device—for example, a 6509 that includes a Supervisor, router, and oth 
fixed device. The basics are the same, and the device should remain operational while the image d 
session, and IP parameters as mentioned previously. Verify RAM, Flash, and any special feature se 
TFTP/FTP server or Flash card. Enter the copy tftp flash command. Enter the IP address of the TF 
to which to copy the file, and the destination filename when prompted. So that the new image bool 
modify the boot environment variable as follows: 


set boot systemflashdevice: filename prepend 


In this example, flashdevice may be something like sup-bootflash: or slavesup-bootflash: and the | 


the switch, it is normal for your telnet session to disconnect. During the switch startup, however, tt 
this with show version when you reconnect via the console or telnet. 


Because there are minor differences according to your hardware, research the specifics at Cisco.col 


example, you can't download directly from the TFTP server to the standby Supervisor Flash. Instea 
image on the active (primary) Supervisor card. 


Downloading Switching Module Images Using TFTP 


Set up your TFTP/FTP server, console/telnet session, and IP parameters as previously mentioned. \ 
Copy the appropriate image file to the TFTP/FTP server or Flash card. Assuming that you want to c 
modules of the same type that you want to upgrade, enter the copy tftp flash command. On the ¢ 
but you only want to upgrade a single one, enter the copy tftp module#/bootflash: command. Yc 
you begin. Next enter the IP address of the TFTP server, the name of the file to download, the Flasl 
filename when prompted. All modules should remain operational during the image download. Rese 
command from the Supervisor prompt. Use the show version module# command to verify the nev 


You can find examples of upgrading the code and for password recovery on modular devices such < 
www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/images.htm. 


Upgrading Software Images with FTP Programs 


An image may exceed the 16-MB limitation for TFTP; therefore, FTP is a workaround. Follow the TF 
information for FTP. TFTP does not use username and passwords, but FTP does. You must follow hc 
anonymous access enables you to log in with a username of anonymous with your e-mail address f 
the command to copy the IOS or OS from an FTP server to Flash. 


Example B-12. Copying from an FTP Server to Flash 


r1(config)#ip ftp username anonymous 
r1(config)#ip ftp password donna@shoretraining.com 
r1(config)#end 
r1#copy running-config startup-config 
r1#copy ftp flash 
!!!follow the previous tftp example for the rest of the copy 


These are not the only methods and procedures because there are differences according to platforr 


Summary 


Know your resources and where to get current information. The last thing you want to do is 
perform a password recovery, figure out config-register fields, or upgrade software live without 
ever attempting these procedures in a lab. Take a proactive approach and get acquainted with 
your devices before you put them into production. 


Appendix C. Equipment Reference 


Obtaining equipment can be expensive, but following along and building your own lab as I do is 
definitely the best way to utilize this book. 


If you are unable to get the equipment, do not despair; you can still utilize this book. You just 
need to think aloud and pay more attention to the figures, explanations, and examples. Little 
changes are hidden throughout the book, and although the chapters take on a structured 
approach and I recommend a structured approach to troubleshooting, you will learn more if you 
read the fine details within the chapters so that you are prepared for the unknown. 


Start with a pad of paper and document the network. Draw and redraw the networks as you 
work through the exercises throughout this book. Color-code your routing domains, addresses, 
devices, ports, terminal server connections, and so on. Download the files to get more detail on 
what is truly happening for the various scenarios and Trouble Tickets. Perform some research at 
Cisco.com as you progress through the book. Create tables and lists so that you can put yourself 
in the position of someone who is configuring and troubleshooting the various LAN and WAN 
technologies. 


Support Equipment Used in This Book 


Figure C-1 shows a physical diagram of the equipment used throughout this book. I would have 
preferred to use more up-to-date higher-end boxes such as Catalyst 6509s and the like. Keep in 
mind that just wasn't practical for my home lab either. 


Figure C-1. Equipment Used in This Book 


[Figure C-1 diagram. Labels recoverable from the image:] 

(opt) 804, Hub, Win98, Novell 4.11 
** All Ethernets 10 Mbps unless noted. ** 
** All serials 1.544 Mbps unless noted. ** 

Terminal Server (2511), lo0 1.1.1.1/8, async lines: 
1 duck (r1) 2514 
2 heron (r2) 2501 
3 goose (r3) 2640 
4 osprey (r4) 3620 
5 crab (r5) 2516 
6 swan (r6) 2520 
7 forry (r7) 2513 
8 chesapeakebay (s1) 2400 
9 kentnarrows (s2) 3512xl 
10 knappsnarrows (s3) 1900 

2900 CatOS: ports 10, 11, 12 are mod 2 

A list of equipment I used follows. Alternatively, you can use other equipment, assuming you 
have enough interfaces to perform the chapter scenarios and Trouble Tickets. Look at the first 
figure at the beginning of each chapter to get a feel for the exact equipment used on a chapter- 
by-chapter basis. I thought it necessary to have coverage of both the Cisco IOS and CatOS on 
fixed and modular devices. 


The routers and switches in Figure C-1 are as follows: 


• r1— 2514 
• r2— 2501 
• r3— 3640 
• r4— 3620 
• r5— 2516 
• r6— 2520 
• r7— 2513 
• s1— 2901 CatOS 
• s2— 3512XL IOS (2900XL will suffice) 
• s3— 1900 Standard Edition (It may be more practical to use another IOS-based switch in 
place of the 1900 since Cisco courses are dropping the 1900s from their curriculum.) 


NOTE 


For the most part, IP-only images are acceptable images for your devices. Extensive 
feature sets are not required, so there is no need to spend lots of money upgrading 
RAM/Flash memory for the practical exercises. The exception to this is if you want to 
go through the IPX scenarios and tickets. If so, you need an image that supports the 
IPX protocol, too. 


Other equipment I use throughout the book includes: 

• A 2511 terminal server and octal cables make life much easier for getting to the console of 
the devices. Refer to the section on "Configuring a Terminal Server (2511)," for details. 
• An 804 on the backbone as a ping target, but this is not required. 
• The hub on the backbone is not required. It is not a Cisco hub. 
• Category 5 straight-through and crossover cables for the Ethernets and ISDN. 
• Transceivers are needed on the r1 and r2 Ethernets where there are AUI DB15 connections. 
• The serial WAN connections are possible via V.35 DTE/DCE back-to-back DB60 cables. You 
can find them at www.stonewallcable.com. 
• Power cords, power strips, and an uninterruptible power supply (UPS). Be sure you have 
enough power to run the equipment. 


Where to Buy Equipment 


I purchased most of my equipment for my lab off of eBay. If you don't have access to equipment 
at work or remote labs, take a look at the following sites to start your own home, work, or 
classroom lab: 

• www.stores.ebay.com— Categories such as computers, networking and telecom, and 
routers and switches will take you to a vast list of merchants. 
• www.ebay.com 
• www.comstarinc.com 
• www.netfix.com 
• www.iqsale.com 
• www.optsys.net 
• www.cheapisdn.com 
• www.cccmn.com 
• www.symmic.com 
• www.computergate.com 
• www.cdw.com 
• www.microwarehouse.com 


Configuring a Terminal Server (2511) 


Although a terminal server (2511) is an optional piece of equipment for the lab, it provides 
convenience and alleviates the frustration of swapping console cables. Yes, it is true that you can 
telnet from device to device. However, telnet requires IP, and you are constantly making 
changes in the scenarios, so you do not always have in-band (IP-based) 
management. The terminal server provides out-of-band management, which is totally separate 
from your IP configuration. Figure C-2 illustrates a 2511 (an example of a terminal server) and 
the octal cable connections from the asynchronous interface to the router/switch console ports. 


Figure C-2. Terminal Server (2511) 
A terminal server works via a reverse telnet operation. Physically make your connections as in 
Figure C-1 to get started. Next, connect the asynchronous octal cable(s) to the 2511's 68-pin 
SCSI interface(s). Then connect a rolled console cable from the COM1 port (serial) on your PC to 
the console port on the terminal server. Power the device on and use a terminal emulator such 
as HyperTerm to connect. Set up your terminal settings as follows: 


• 9600 bps 
• 8 data bits 
• 0 parity bits 
• 1 stop bit 
• No flow control 


Now you are ready to program the 2511 just as if it were any other router. Assign a hostname 
and passwords. Create a loopback address, set up a hosts table, and allow telnet, at a minimum, 
as the transport across the asynchronous lines 1 through 16. Example C-1 illustrates this 
configuration for Chapter 3, "Shooting Trouble with IP," where you first use the terminal server. 


Example C-1. Terminal Server Configuration 


Router>enable 
Router#configure terminal 
Router(config)#hostname ts 
ts(config)#enable password donna 
ts(config)#line vty 0 4 
ts(config-line)#login 
ts(config-line)#password donna 
ts(config-line)#logging synchronous 
ts(config-line)#exec-timeout 30 
ts(config-line)#exit 
ts(config)#interface loopback 0 
ts(config-if)#ip address 1.1.1.1 255.0.0.0 
ts(config-if)#no shut 
ts(config-if)#exit 
ts(config)#ip host ? 
  WORD  Name of host 
ts(config)#ip host r1 ? 
  <0-65535>  Default telnet port number 
  A.B.C.D    Host IP address (maximum of 8) 
ts(config)#ip host r1 1.1.1.1 ? 
  A.B.C.D  Host IP address (maximum of 8) 
  <cr> 
ts(config)#ip host r1 ? 
  <0-65535>  Default telnet port number 
  A.B.C.D    Host IP address (maximum of 8) 
ts(config)#ip host r1 2001 1.1.1.1 
ts(config)#ip host r2 2002 1.1.1.1 
ts(config)#ip host r3 2003 1.1.1.1 
ts(config)#ip host r4 2004 1.1.1.1 
ts(config)#ip host r5 2005 1.1.1.1 
ts(config)#line 1 16 
ts(config-line)#transport input ? 
  all     All protocols 
  lat     DEC LAT protocol 
  mop     DEC MOP Remote Console Protocol 
  nasi    NASI protocol 
  none    No protocols 
  pad     X.3 PAD 
  rlogin  Unix rlogin protocol 
  telnet  TCP/IP Telnet protocol 
  v120    Async over ISDN 
ts(config-line)#transport input all 
ts(config-line)#no exec 


Save and display the terminal server (ts) final configuration. The pertinent parts are in Example 
C-2. 


Example C-2. Terminal Server running-config 


ts#copy running-config startup-config 
ts#show running-config 
hostname ts 
enable password donna 
ip host r1 2001 1.1.1.1 
ip host r2 2002 1.1.1.1 
ip host r3 2003 1.1.1.1 
ip host r4 2004 1.1.1.1 
ip host r5 2005 1.1.1.1 
interface Loopback0 
 ip address 1.1.1.1 255.0.0.0 
line con 0 
 transport input none 
line 1 16 
 transport input all 
 no exec 
line aux 0 
line vty 0 4 
 password donna 
 exec-timeout 30 0 
 password donna 
 logging synchronous 
 login 
end 
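
A configuration review of Example C-2, as an added Python example that is not from the book: it splits the running-config into blocks and reports the lab settings that should not be carried onto a production terminal server (enable password instead of enable secret, transport input all on the async lines, no access-class on lines that accept connections, clear-text line passwords). The function names, finding labels and the sample text (Example C-2 retyped with sub-command indentation) are assumptions of this example.

```python
import re

# Constructed sample: the running-config of Example C-2 (r1 and r2 host entries only),
# with the one-space indentation that show running-config gives sub-commands.
RUNNING_CONFIG = """\
hostname ts
enable password donna
ip host r1 2001 1.1.1.1
ip host r2 2002 1.1.1.1
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
line con 0
 transport input none
line 1 16
 transport input all
 no exec
line aux 0
line vty 0 4
 exec-timeout 30 0
 password donna
 logging synchronous
 login
end
"""


def parse_blocks(config):
    """Split a config into (header, [sub-commands]); global commands get an empty list."""
    blocks = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] in " \t" and blocks:
            blocks[-1][1].append(line)
        else:
            blocks.append((line, []))
    return blocks


def reverse_telnet_ports(header):
    """TCP ports for a numbered 'line A [B]' block: 2000 + line number, as in the ip host entries."""
    m = re.fullmatch(r"line (\d+)(?: (\d+))?", header)
    if not m:
        return []
    first = int(m.group(1))
    last = int(m.group(2) or first)
    return [2000 + n for n in range(first, last + 1)]


def audit(config):
    """Return (finding, location, message) tuples in the order the config is read."""
    blocks = parse_blocks(config)
    headers = [h for h, _ in blocks]
    findings = []
    has_secret = any(h.startswith("enable secret ") for h in headers)
    if any(h.startswith("enable password ") for h in headers) and not has_secret:
        findings.append(("enable-password", "global",
                         "enable password is readable in the config; use enable secret"))
    for header, subs in blocks:
        if not header.startswith("line "):
            continue
        transport = next((s for s in subs if s.startswith("transport input ")), None)
        ports = reverse_telnet_ports(header)
        if transport == "transport input all":
            findings.append(("transport-all", header,
                             "accepts every protocol; reverse telnet only needs 'transport input telnet'"))
        # VTYs accept connections by default; other lines only when transport input allows it.
        listens = header.startswith("line vty") or transport not in (None, "transport input none")
        if listens and not any(s.startswith("access-class ") for s in subs):
            where = f"TCP {ports[0]}-{ports[-1]}" if ports else "the VTYs"
            findings.append(("no-access-class", header,
                             f"no access-class limits which sources can reach {where}"))
        # 'password <word>' is clear text; an encrypted entry carries a type digit first.
        if any(re.fullmatch(r"password \S+", s) for s in subs):
            findings.append(("cleartext-line-password", header,
                             "line password is stored in clear text"))
    return findings


if __name__ == "__main__":
    for finding, location, message in audit(RUNNING_CONFIG):
        print(f"{finding:24} {location:14} {message}")
```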


Now that the terminal server is configured, verify its operation. The terminal server essentially 
connects to its own loopback address via telnet by initiating the connection out an asynchronous 
line. Refer back to Figure C-2 for an illustration of the asynchronous line numbers starting with 
2001 and incrementing by 1. Use the hosts table to connect to all devices as in Example C-3. 
Without a hosts table on the terminal server, you need to issue the following commands to 
connect to the five devices shown: 


!!!to connect to r1 
ts#telnet 1.1.1.1 2001 
!!!to connect to r2 
ts#telnet 1.1.1.1 2002 
!!!to connect to r3 
ts#telnet 1.1.1.1 2003 
!!!to connect to r4 
ts#telnet 1.1.1.1 2004 
!!!to connect to r5 
ts#telnet 1.1.1.1 2005 


Example C-3. Opening the Terminal Server Connections 


ts#show sessions 
% No connections open 
ts#show hosts 
Default domain is not set 
Name/address lookup uses domain service 
Name servers are 255.255.255.255 

Host Flags Age Type Address(es) 
r1 (perm, OK) 4 IP 1.1.1.1 
r2 (perm, OK) 4 IP 
r3 (perm, OK) 4 IP 
r4 (perm, OK) 4 IP 
r5 (perm, OK) 4 IP 
ts#r1 
Trying r1 (1.1.1.1, 2001)... Open 
r1> 
r1>!!!I am pressing Ctrl+Shift+6,x to return to the ts console 
ts#r2 
Trying r2 (1.1.1.1, 2002)... Open 
r2> 
r2>!!!I am pressing Ctrl+Shift+6,x to return to the ts console 
ts#r3 
Trying r3 (1.1.1.1, 2003)... Open 
r3> 
r3>!!!I am pressing Ctrl+Shift+6,x to return to the ts console 
ts#r4 
Trying r4 (1.1.1.1, 2004)... Open 
r4> 
r4>!!!I am pressing Ctrl+Shift+6,x to return to the ts console 
ts#r5 
Trying r5 (1.1.1.1, 2005)... Open 
r5> 
r5>!!!I am pressing Ctrl+Shift+6,x to return to the ts console 
ts# 


Notice that I typed the hostname of each device to open a connection to it. Although not a 
necessity, this renders the troubleshooting easier because I aligned r1 with async line 1 (2001), 
r2 with async line 2 (2002), and so on. The command sequence to leave the connection open, 
but return to the terminal server is Ctrl+Shift+6,x. If you want to disconnect, you can issue 
disconnect session#. View the open sessions in Example C-4. 


Example C-4. Viewing the Open Terminal Server Connections 


ts#show sessions 
Conn Host    Address    Byte  Idle  Conn Name 
   1 r1      1.1.1.1       0     8  r1 
   2 r2      1.1.1.1       0     8  r2 
   3 r3      1.1.1.1      48     8  r3 
   4 r4      1.1.1.1      51     8  r4 
*  5 r5      1.1.1.1       0     7  r5 


Example C-4 shows that r1 through r5 are currently open sessions and that r5 is the default 
because the asterisk (*) displays to the left of it. The default session is the one you end up in if 
you press the Enter key as I do in the following output. 


ts# 
[Resuming connection 5 to r5 ... ] 
r5> 


This time, type r5 from the terminal server rather than just the number 5 as in Example C-5. 


Example C-5. Connection Refused by Remote Host 


ts#r5 
Trying r5 (1.1.1.1, 2005)... 
% Connection refused by remote host 

ts#show line 
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int 
*    0 CTY              -    -      -    -    -      5       0     0/0       - 
*    1 TTY 9600/9600    -    -      -    -    -      1       0     0/0       - 
*    2 TTY 9600/9600    -    -      -    -    -      1       0     0/0       - 
*    3 TTY 9600/9600    -    -      -    -    -      1       0     0/0       - 
*    4 TTY 9600/9600    -    -      -    -    -      1       0     0/0       - 
*    5 TTY 9600/9600    -    -      -    -    -      1       0     0/0       - 
     6 TTY 9600/9600    -    -      -    -    -      0       0     0/0       - 
     7 TTY 9600/9600    -    -      -    -    -      0       0     0/0       - 
*    8 TTY 9600/9600    -    -      -    -    -      0      11   424/1283    - 
*    9 TTY 9600/9600    -    -      -    -    -      0      20   413/1239    - 
    10 TTY 9600/9600    -    -      -    -    -      0      52   332/997     - 


Line 5 is already open, but you really only needed to type 5 to get to it in the first place. 
However, it looks like something was already using line 8 and line 9 in the previous example. 
Clear these lines as in Example C-6 so that they are available for use. 


Example C-6. Connection Refused by Remote Host 


ts#clear line 8 
[confirm] 
 [OK] 
ts#clear line 9 
[confirm] 
 [OK] 
ts#show line 
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int 
*    0 CTY                                                         0/0 
*    1 TTY 9600/9600                                               0/0 
*    2 TTY 9600/9600                                               0/0 
*    3 TTY 9600/9600                                               0/0 
*    4 TTY 9600/9600                                               0/0 
*    5 TTY 9600/9600                                               0/0 
     6 TTY 9600/9600                                               0/0 
     7 TTY 9600/9600                                               0/0 
     8 TTY 9600/9600                                         9   433/1312 
     9 TTY 9600/9600                                       115   423/1270 
    10 TTY 9600/9600                                        52   832/997 
    11 TTY 9600/9600                                               0/0 
    12 TTY 9600/9600                                               0/0 
    13 TTY 9600/9600                                               0/0 
    14 TTY 9600/9600                                               0/0 
    15 TTY 9600/9600                                               0/0 
    16 TTY 9600/9600                                               0/0 
    17 AUX 9600/9600                                               0/0 
    18 VTY                                                         0/0 
    19 VTY 
    20 VTY 
    21 VTY 
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int 
    22 VTY                                                   0     0/0 
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10,000-Mbps Ethernet 2nd 
10-Mbps Ethernet 2nd 
100-Mbps Ethernet 2nd 
1000-Mbps Ethernet 

1900 switch 


testing 
1900 switches 


accessing 
1900 swtiches 
_HTTP 
2900 switch 


passwords 

ping command 

testing 
2900 switches 

configuring 
3-way handshake sequences 
3512XL switch 

configuring 

password 

testing 


troubleshooting 
3600 series routers 


show flash command 
802.2 SAP headers, Ethernet frame format 2nd 
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above baselines, building 
access 
lists 
methods 
switches 
access control lists (ACLs) 
Access Control Lists (ACLs) 
debug command 
Access Layer 
accounting 
management 
acknowledgements (acks) 
ACLs (access control lists) 
ACLs (Access Control Lists) 
debug command 
active monitors 
adding 
routing protocols 
static Frame Relay maps 
Address Resolution Protocol (ARP) 
tables 
addresses 
broadcast 
Ethernet 2nd 
Frame Relay 2nd 
IP 2nd 
subnets 2nd 
summarization 2nd 
local multicast 
_MAC 
IP 
_NAT 
Novell 2nd 
administration 
shut down 
Advanced Search Tool (TAC) 
advantages 
of VLANs[advantages 
VLANs] 
advertisements 
coe 
loopbacks in EIGRP 
algorithms 
_DUAL 
SPE 
American Wire Gauge (AWG) 
analying 
3-way handshake sequences 
analysis 
BPDU 2nd 
analyzers 
protocols 2nd 
analyzing 
host-to- host_connectivity 


|P headers 
IPX 
client startup 
|PX headers 
|PX RIP headers 
protocols 
RConsole SPX packets 


RIP packets 
routes 


_SPAN 
Telnet 
Application Layer (Layer 7) 
application- specific integrated circuits (ASICs) 
applications 
Novell 
Internet Layer 2nd 
Transport Layer 2nd 
Upper-Layer 2nd 
port numbers 
TCP/IP 2nd 
Internet Layer 2nd 
Transport Layer 2nd 
Upper-Layer Layer 2nd 
Telnet 
applying 
routers as Frame Relay switches 2nd 
Sniffer Pro 2nd 
architecture 
Cat5000/Cat6000 2nd 
selecting 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 
25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 46th 47th 48th 
49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th 69th 7Oth 71st 72nd 
73rd 74th 75th 76th 77th 78th 79th 80th 81st 82nd 83rd 84th 85th 86th 87th 88th 89th 90th 91st 92nd 93rd 94th 95th 96th 
97th 98th 99th 100th 101st 102nd 103rd 104th 105th 106th 107th 108th 109th 110th 111th 112th 113th 114th 115th 116th 
117th 118th 119th 120th 121st 122nd 123rd 124th 125th 126th 127th 128th 129th 130th 131st_132nd 133rd 134th 135th 
136th 137th 138th 139th 140th 141st 142nd 
ARP 
inverse ARP 2nd 
show arp command 
ARP (Address Resolution Protocol) 
clear arp- cache command 
no ip proxy-arp command 
tables 
ASICs (application- specific integrated circuits) 
authentication 
_CHAP 
auto frame-type detection 
automatic summarization 
closing 
autonegotiation hierarchy 
AWG (American Wire Gauge) 
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back- to- back configuration (Frame Relay) 2nd 
Backup 
configuration 
backup 
interfaces 
backup interface command 
backup, dial 2nd 
backups 
Trouble Tickets 2nd 
backward explicit congestion notification (BECN) 2nd 
baseband signaling 
baselines 
WANDL 
baselining 
_1PX 
troubleshooting 2nd 
Basic Rate Interface (BRI) 2nd 
configuring 
Basic Rate Interfaces (BRIs) 
BEC (Gigabit EtherChannel) 
BECN (backward explicit congestion notification) 2nd 


beforeyoubegin 
BGP (Border Gateway Protocol) 2nd 


Frame Relay 
big- endian systems 
binary place values 2nd 
binary places values 
bindery 
binding 
_1PX 
bits 
_C/R 
_EA 
Frame Relay 
blades 
routers 2nd 
boot helper mode 
BOOTP (Bootstrap Protocol) 
Bootstrap Protocol (BOOTP) 
Border Gateway Protocol (BGP) 2nd 
Frame Relay 
bouncing 
interfaces 
BPDU 
analysis 2nd 
BRI (Basic Rate Interface) 2nd 
configuring 


bridges 2nd 
VLANs 


BRIs (Basic Rate Interface) 
broadband networks 
broadcast addresses 
broadcast domains 

VLANs 2nd 


configuring 2nd 


traffic types 2nd 
VMPS 


broadcasts 

domains 2nd 
building 

layer 2 baselines 
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C/R (Command/Repsonse) bit 
cables 
straight-through 


unplugging 
caches 


clear arp- cache command 
calculations 

binary place values 
CAM (content addressable memory) 
canonical names 
capturing 

packets 


capturing Syslog 
carrier sense (CS) 


carrier sense multiple access collision detect (CSMA/CD) 
Cat5000/Cat6000 architecture 2nd 
CatOS 

switches 2nd 

building Layer 2 baselines 

troubleshooting 2nd 

VTP statistics 
CCP (Cisco Control Protocol) 
CD (collision detection) 
CDaemon Syslog 
CDP (Cisco Discovery Protocol) 2nd 
CDPD (cellular digital packet data) 
CEF (Cisco Express Forwarding) 2nd 3rd 
cellular digital packet data (CDPD) 
central office (CO) 
Challenege Handshake Authentication Protocol (CHAP) 
CHAP (Challenge Handshake Authentication Protocol) 
characters 

ping command 

output 

traceroute command 
checklists 

troubleshooting 
chesapeakebay switch, documentation 
CIC (Cisco Info Center) 
CIDR (Classless Interdomain Routing) 
CIR (Committed Information Rate) 2nd 
Cisco approach to troubleshooting 2nd 
Cisco Control Protocol (CCP) 
Cisco Discovery Protocol (CDP) 2nd 
Cisco Express Forwarding (CEF) 2nd 3rd 
Cisco Info Center (CIC) 
Cisco Marketplace 2nd 
Cisco. com (CCO) 2nd 
CiscoWorks 2nd 3rd 
CiscoWorks for Switched | nternetworks (CWSI) 
classes 

IP addresses 
Classless Interdomain Routing (CI DR) 
clear arp-cache command 2nd 


clear counters command 


clear frame-relay-inarp command 


clear ip route command 
clear trunk vian# command 


clearing 
2900 switches 
counters 
existing switch configurations 


normal call clearing 
CLI_ (command-line interface) 


CatOS-based switches 2nd 

|OS-based switches 2nd 
clients 

Microsoft Client 

NetWare 

CLNS (Connectionless Network Protocol) 
clock rate command 
clock rate statement 
closing 

automatic summarization 
CO (central office) 
code 

_ICMP 
collision detection (CD) 
collisions 

bridges 2nd 

domains 2nd 


Command/Response (C/R) bit 
commands 

backup interface 

clear arp-cache 2nd 

clear counters 

clear frame-relay inarp 


clear ip route 
clear trunk vian# 


clock rate 
config-register 
configure terminal 
copy tftp flash 
debug 

ACLS 

|OS troubleshooting tools 2nd 

Time Stamps 
debug dialer 
debug dialer events 
debug frame-relay events 
debug frame-relay Imi 2nd 3rd 
debug frame-relay packet 
debug ip bgp ? 
debug ip icmp 
debug ip ospf ? 
debug ip packet 
debug ip packet detail 
debug ip rip events 
debug ipx packet 2nd 
debug isdn q921 2nd 


debug ppp authentication 
debug ppp negotiation 

debug serial interface 

debug service timestamps 
dialer map 

dialer- group 

dialer-list_1 protocol ip permit global 
dialer-list protocol ip permit 
display networks 

enable 

encap frame-relay 

erase startup- config 

frame relay route 

frame-realy interface-dici dici# 
frame-relay intf-type dce 
frame-relay local-dlci 


Hayes 
hostname 


interface vian # 


ip classless 
ip helper- address [ipaddress] 
ip http server 
ipx_network 
ipx routing 
load monitor 
logging 
|OS troubleshooting tools 2nd 
show logging 
logging synchronous 
no auto-summary 2nd 3rd 
no ip access- group ftp out 
no ip http server 
no ip proxy-arp 
no logging 
no shut 2nd 3rd 
no synchronization 
ping 
2900 switches 
character output 
Ethernet 
extended 
hostnames 
|OS troubleshooting tools 2nd 
JP 
IP 


testing 
user-mode 


ping ipx 

port monitor 

reload 2nd 

set spantree mode mst 

set trunk mod#/port# ? 
set trunk mod#/port# mod 
set vtp domain vtpname 


sh int switching 
show 


|OS troubleshooting tools 2nd 
ISDN 


show access-lists 

show arp 

show buffers 

show cdp neighbors 

show cdp neighbors [detail] 
show cdp neighbors detail 
show controllers 2nd 3rd 
show debug 

show frame-relay Imi 2nd 
show frame-relay map 2nd 
show frame-relay route 


show frame-relay traffic 
show hosts 


show interfaces 

show interfaces bri0 1 2 
show interfaces ethernetO 
show interfaces serial 0 
show interfaces serialO 
show ip bgp ? 

show ip bgp summary 
show ip interface brief 
show ip interface sO 

show ip ospf ? 

show ip protocols 

show ipx interface ethernet 0 
show ipx route 

show ipx servers 

show isdn history 

show isdn status 


show logging 
show mac address 


show memory 2nd 
show module 

show port 2nd 

show protocols 2nd 
show run interface briO 
show running- config 


show spanning-tree ? 
show stacks 


show start 
show startup-config 2nd 


show tech-support 2nd 
show version 


show vian 
show vmps 
spanning-tree vian 1 


switchport_ mode trunk 1OS 
terminla monitor (term mon) 


trace 
|OS troubleshooting tools 2nd 
loggin 
traceroute 2nd 
characters 
extended 


tracert 
write memory 
write- erase 
committed burst 
Committed Information Rate (CIR) 2nd 


Common Spanning Tree (CST) 
communications 


protocols 
comparisons 
models 
components 
ISDN 


compression 


config- register command 
configuration 


2900 switches 
3512XL switch 
ANSI LMI 


back-to-back (Frame Relay) 2nd 


Backup 
BPDU 2nd 


_BRI 
copying 2nd 
EtherChannel 
Ethernet 
Frame Relay switches 
_HSRP 
interfaces 
IP 
parameters 
_IPX 
loggin 
lower-layer discovery 
management 
routers 
multipoint interfaces 
scenario host 
SPIDs 
static maps 
viewing 
subnets 


Frame Relay 
switches 2nd 


clearing 
terminal servers 


upper-layer discovery 
VLANs 2nd 
configure terminal command 


connection- oriented Data Link Layer technology 
Connectionless Network Protocol (CLNS) 


connections 
Frame Relay 
testing 
frames 


troubleshooting 
ISDN. [See also ISDN] 


PPP 


layers 2nd 
troubleshooting 2nd 
serial 0/0 
connectivity 
end-to-end 
testing 
host-to-host 
testing 
connectors 
RJ-45 
contacting TAC 
content addressable memory (CAM) 
controllers 
testing 
copy tftp flash command 
copying 
configuration 
configurations 
Core Layer 
costs, pathes 
counters 
clearing 
CPE (customer premises equipment) 
crab routers, documentation 


CRC (cyclical redundancy check) 
crossover cables 


crossover Category 5 in-line couplers 
CS (carrier sense) 
CSMA/CD (carrier sense multiple access collision detect) 
CST (Common Spanning Tree) 
customer premises equipment (CPE) 
CPE (customer premises equipment) 
CWSI (CiscoWorks for Switched | nternetworks) 


cyclical redundancy check (CRC) 
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D Channel 
verifying 
DA (destination address) 


dampening 
Data Carrier Detect (DCD) 


data grams 
Data Link Layer (Layer 2) 
Data Set Ready (DSR) 
data-link connection identifier (DLCI) 
datagrams 
IP 
headers 
DCD (Data Carrier Detect) 
DDR (dial-on-demand routing) 2nd
DDR (dialer-on-demand routing) 2nd 
DE (Discard Eligible) 2nd 
debug command 
ACLs 
debug commands 
IOS troubleshooting tools 2nd
Time Stamps 
debug dialer command 
debug dialer events command 
debug frame-relay events command 
debug frame-relay lmi command 2nd 3rd
debug frame-relay packet command 
debug ip bgp ? command 
debug ip icmp command 
debug ip ospf ? command 
debug ip packet command 
debug ip packet detail command 
debug ip rip events command 
debug ipx packet command 2nd 
debug isdn q921 command 2nd 
debug ppp authentication command 
debug ppp negotiation command 
debug serial interface command 
debug service timestamps command 
debugging 
packets 
RIP
serial interfaces 
default interface settings 
defaults 
switches 
resetting 


desktop tools 2nd 
destination address (DA) 


detection 
auto frame-type 
errors 

devices 
testing 

dial backup 2nd 


dial strings, ISDN 

dial-on-demand routing (DDR) 2nd 

dialer map command 

dialer map-class statements 

dialer-group command 

dialer-list 1 protocol ip permit command
dialer-list 1 protocol ip permit global command 


dialer-on-demand routing (DDR) 2nd 
dialers 


lists 

troubleshooting 
disconnections

TCP
Diffusing Update algorithm (DUAL) 
Digital Intel Xerox (DIX) 
Digital Subscriber Lines (DSL) 
disabled states 
Discard Eligible (DE) 2nd 
discontiguous subnets 
discovery labs 

Trouble Tickets 2nd 
DISL (Dynamic Inter-Switch Link)
display networks command 
Distribution Layer 


DIX (Digital Intel Xerox)
DIX Ethernet frame formats 2nd 


DLCI (data-link connection identifier) 
DLCI. [See also Frame Relay addresses]
DNS (Domain Name System) 
documentation

labs 

Trouble Tickets 2nd 

documentation 

CD-ROM 2nd 

routers 

troubleshooting 2nd 
documentation. [See also baselines]
DoD TCP/IP suite 

troubleshooting 2nd 


Domain Name System (DNS) 
domains 


broadcast 
VLANs 2nd 
broadcasts 2nd 
collision 
bridges 2nd 
collisions 
set vtp domain vtpname command 
TDR 
dot1Q (IEEE 802.1Q) 2nd 
drivers 
loading 
DSL (Digital Subscriber Lines) 
DSR (Data Set Ready) 


DUAL (Diffusing Update algorithm) 
duck routers 


documentation 
duck routers, building Layer 3 baselines 
dumps, memory 
Dynamic Inter-Switch Link (DISL)
EA (Extension) bits
Echo Reply packets 
Echo Request packets 
ECN (explicit congestion notification) 
editors 
JREC 
EIGRP
redistribution 2nd 
EIGRP (Enhanced IGRP) 2nd


Frame Relay 
loopbacks 


advertising 
Novell 2nd 
EIGRP (Enhanced Interior Gateway Routing Protocol)
electrostatic discharge (ESD) 
enable command 
encap frame-relay command 
encapsulation 
Frame Relay 
HDLC 2nd 
layers 
troubleshooting 2nd 
IP/IPX 
ISL
mismatches 
Novell 
PPP 2nd 
end-system data flow 
end-to-end connectivity 
testing 
Enhanced IGRP (EIGRP) 2nd 
Frame Relay 
Novell 2nd 
Enhanced Interior Gateway Routing Protocol (EIGRP) 
erase startup-config command 
errors 
ESD (electrostatic discharge) 
EtherChannel 2nd 
Ethernet 2nd 3rd 4th 


10,000-Mbps 2nd 
10-Mbps 2nd 
100-Mbps 2nd 
1000-Mbps
addressing 2nd 


configuring 
frame format 


frames 
802.2 SAP headers 2nd 
Ethernet II (DIX Ethernet) formats 2nd
raw (Novell 802.3) headers 2nd 
SNAP headers 2nd 
IEEE 802.3 evolution 2nd 
IP hosts 


Physical Layer 


transparent bridging 
Trouble Tickets 2nd 


troubleshooting 2nd 3rd 4th 
wireless 

evolution 
IEEE 802.3 Ethernet 2nd 

excess burst 

explicit congestion notification (ECN) 


extended ping command 
extended traceroute command 


Extension (EA) bits 
factory defaults, resetting switches
Fast EtherChannel (FEC) 
fast switching 


fault management 
FCS (frame check sequence) 


FDDI 
frame format 
Feature Navigator 
FEC (Fast EtherChannel) 
FECN (forward explicit congestion notification) 2nd 
ferry routers, documentation 
fields 
show port command 
File Transfer Protocol (FTP) 
servers 
files 
hosts 
Windows 2000 
isdn ending configs 
running-config
filters 
routes 
SAP
first 
Flash 
IOS versions
memory 


upgrading 
floating static routes 


Fluke handheld devices 
formats 
Ethernet II (DIX Ethernet) 2nd 
frames 
PPP frames 
forward explicit congestion notification (FECN) 2nd 
forwarding states 
FQDN (fully qualified domain names) 
frame check sequence (FCS) 
Frame Relay 
addresses 2nd 
applying routers as switches 2nd 
back-to-back configuration 2nd 
BGP
frames 2nd 
history of 2nd 
inverse ARP 2nd 
IS-IS 
loopback testing 2nd 
OSPF
Physical Layer 2nd 3rd 
routing protocols 2nd 
standards 
static map statements 2nd 
static maps 


adding 

subinterfaces 

terminology 

topologies 

Trouble Tickets 2nd 3rd 4th 

troubleshooting 2nd 3rd 
frame relay route commands 
frame-relay interface dlci dlci# command
frame-relay intf-type dce command 
frame-relay local-dlci command
frames 


auto frame-type detection 
connections 


troubleshooting 
Ethernet 
802.2 SAP headers 2nd 
Ethernet II (DIX Ethernet) formats 2nd
raw (Novell 802.3) headers 2nd 
SNAP headers 2nd 


Frame Relay 
frames 2nd 
maps 
PPP formats 
tagging
types 
Novell 2nd 
FTP (File Transfer Protocol) 
servers 


fully qualified domain names (FQDN) 
GD (General Deployment) 2nd
General Deployment (GD) 2nd 
Get Nearest Server (GNS) 

Gigabit EtherChannel (GEC)
Gigabit Ethernet 

global positioning systems (GPSs) 
GNS (Get Nearest Server) 

goose routers, documentation 
GPSs (global positioning systems) 
hard code speed
hardware 


support 
tools 
Hayes command 
HDLC (High-Level Data Link Control) 2nd 3rd 4th 5th 
layers 
troubleshooting 2nd 
headers 
Frame Relay 2nd 
IP 
analyzing 
IPX
layers 
heron routers 
documentation 
hex place values 
hierarchies 
autonegotiation 
High Speed Study Group (HSSG) 
High-Level Data Link Control (HDLC) 2nd 3rd 
High-Level Data Link Control. [See HDLC] 
High-Speed Serial Interface (HSSI)
history 
of Frame Relay 2nd
hops 
ar 
host-to-host connectivity 
testing 
host-to-host delivery 
hosta 
CDaemon Syslog 


testing 
hosta IP configuration 


hostname command 
hostnames 
ping command 
hosts 2nd 3rd 
2900 switch 
ping command 
routes 
viewing 
scenario configuration
subnets 
hosts files 
Windows 2000
Hot Standby Router Protocol (HSRP) 2nd 
HSRP (Hot Standby Router Protocol) 2nd 
HSSG (High Speed Study Group) 
HSSI (High-Speed Serial Interface) 
HTTP (Hypertext Transfer Protocol) 


IP parameters
HTTP (Hypertext Transport Protocol) 


hubs 2nd 3rd 

multipoint subinterfaces 
hybrid back-to-back configuration
Hypertext Transport Protocol (HTTP) 
IAB (Internet Architecture Board)
IANA (Internet Assigned Numbers Authority) 
ICMP 
type values and codes 
IDB (Interface Description Block) 
IEEE 802.1Q 2nd 
IEEE 802.3 Ethernet evolution 2nd 
IESG (Internet Engineering Steering Group) 
IETF (Internet Engineering Task Force) 
IGRP (Interior Gateway Routing Protocol) 2nd 
infrastructure 
Integrated Services Digital Network (ISDN) 
Trouble Tickets 2nd 
Integrated Services Digital Network. [See ISDN]
Inter-Switch Link (ISL) 
inter-VLAN routing 2nd 3rd 4th 5th 6th 
Interface Descriptor Block (IDB) 
interface vlan # command
interfaces 
backup 2nd 
bouncing 
BRI 
configuring 
JEU) 
CatOS-based switches 2nd
IOS-based switches 2nd
default settings 
HSSI 
IP 
testing 
ISDN 
statistics 
ISDN BRI 2nd 
layers 2nd 
troubleshooting 2nd 
MII
NIC 
normal 
verifying 
serial 
debugging 
keepalives 
Trouble Tickets 2nd 
viewing 
shut down 
Sniffer Pro 
applying 2nd 


starting 2nd 
statistics 


switches 
resetting default factory settings 
targets 
testing 
troubleshooting 


WAN 


Interior Gateway Routing Protocol (IGRP) 2nd 

Intermediate System-to-Intermediate System (IS-IS) 2nd 3rd
Frame Relay 

International Organization for Standardization (ISO)
network management 

Internet Architecture Board (IAB) 

Internet Assigned Numbers Authority (IANA) 

Internet Engineering Steering Group (IESG) 


Internet Engineering Task Force (IETF) 
Internet Layer 


Novell 2nd 
TCP/IP 2nd 
Internet Network Information Center (InterNIC) 
Internet Protocol. [See IP] 
Internet Research Task Force (IRTF) 
Internet service providers (ISPs) 
Internet Society (ISOC)
ISOC (Internet Society)


Internetwork Packet Exchange. [See IPX] 
InterNIC (Internet Network Information Center) 


InterSwitch Link (ISL) 
Inverse ARP 
inverse ARP 


Frame Relay 2nd 
IOS


Configuration Backup 
Flash 


life cycle 

switches 2nd 
building Layer 2 baselines 
troubleshooting 2nd 

tools 
debug commands 2nd 
logging commands 2nd 


ping commands 2nd 
show commands 2nd 


trace commands 2nd 
troubleshooting 2nd 


upgrading 
IP (Internet Protocol) 


addresses 2nd 
subnets 2nd 
summarization 2nd 
headers 


analyzing 
hosta configuration 


configuration: hosta IP 
hosts 

Ethernet: hosts: IP: Ethernet
IPX encapsulation 
MAC addresses 
parameters 

configuring 
ping command 
routes 


verifying 


routing 
testing 
troubleshooting 2nd 
ip classless command 
ip default-gateway statement
ip helper-address [ipaddress] command 
ip http server command 
IPX 
configuration 
IPX (Internetwork Packet Exchange) 
addressing 2nd 
binding 
clients 
analyzing startups 


encapsulation 
headers 


Novell. [See also Novell] 
SAP filters 
troubleshooting 2nd 
verifying 
ipx network commands 
IPX RIP protocol 2nd 
ipx routing command 
IRTF (Internet Research Task Force) 
IS-IS (Intermediate System-to-Intermediate System) 2nd 3rd 


Frame Relay 
ISDN 


Trouble Tickets 2nd 

ISDN BRI (Integrated Services Digital Network Basic Rate Interface) 2nd 
layers 2nd 
troubleshooting 2nd 

isdn ending configs file 

ISL 
encapsulation 

ISL (Inter-Switch Link) 2nd 3rd 

ISL (InterSwitch Link) 

ISO (International Organization for Standardization) 
network management 

ISPs (Internet service providers) 
keepalives
kentnarrows switch, documentation 
Kermit protocol 
keywords 
logging
LAN Emulation (LANE)

LAN Management Solution (LMS) 
LANE (LAN Emulation) 

LAPD (Link Access Procedure D) 
LAPD (Link Access Protocol) 


Layer 1 
Layer 2 
building baselines 
Layer 3 
baselines 
Layer 4 
Layer 5 
Layer 6 
layers 
Access 
Application 
Core 
Data Link
discovery labs 
Distribution 
Ethernet 
HDLC 
headers 
Internet 
Novell 2nd 
ISDN BRI 2nd 
Network 
OSI. [See also OSI]
Physical
Frame Relay 2nd 3rd 
Physical 
Ethernet 
PPP 2nd 
Presentation 
Session 
TCP/IP 2nd 
Internet 2nd 
Transport 2nd 
Upper-Layer 2nd 


Transport 
Novell 2nd 


troubleshooting 2nd 
Upper 
Novell 2nd 
LDN (local directory number) 
leaks, memory 


learning states 
least significant bit (LSB) 


LECs (Local Exchange Carrier) 


LEDs 

levels 
logging

life cycles 


IOS


like devices 
line termination (LT) 
Link Access Procedure D (LAPD) 
Link Access Protocol D (LAPD) 
link-state advertisement (LSA) 
listening states 
lists 
access 
dialers 
little-endian systems
LLC (Logical Link Control) 
LMI (Local Management Interface) 
Frame Relay 2nd 


LMS (LAN Management Solution) 
load monitor command 


loading 

drivers 
local directory number (LDN) 
Local Exchange Carrier (LECs)
Local Management Interface (LMI) 

Frame Relay 2nd 
local multicast addresses
logging 

commands 

show logging 
configuring 


keywords 
levels 


trace commands 
logging commands 
IOS troubleshooting tools 2nd
logging synchronous command 
logical bridges 
VLANs 
logical bus networks 
Logical Link Control (LLC) 
logon 
Microsoft Client 
loopback testing 
Frame Relay 2nd 
loopbacks 
EIGRP
advertising 
troubleshooting 
viewing 
lower-layer discovery configuration 
LSA (link-state advertisement) 


LSB (least significant bit) 
LT (line termination) 
MA (multiple access)
MAC (Media Access Control) 
MAC (Media Access Control) address 
MAC (Media Access Control) addresses 
IP 
Main Serial0 Interface
management 
networks 
CiscoWorks 2nd 
ISO
WANDL 
VLANs 2nd 
Management Information Base (MIB) 
maps 
frames 
ISDN 
static 
configuring 
static Frame Relay 
adding 
static statements 2nd 
Marketplace 2nd 
masks 
IP addresses
maximum transmission unit (MTU) 
Media Access Control (MAC) 
Media Access Control (MAC) address 
media testers 
medium-independent interface (MII)
memory 
CAM
dumps 
leaks 
routers 
mesh topology
messages 
VTP 
monitoring 
methods 
access 
troubleshooting 2nd 
trunking 2nd 
MIB (Management Information Base) 
Microsoft Challenge Handshake Authentication Protocol (MSCHAP) 
Microsoft Client 
NetWare 
MII (medium-independent interface) 
mismatches, encapsulation 
MISTP (Multiple Instance STP) 
MLS (multilayer switching) 2nd 
MLSP (Multilayer Switching Protocol) 
models 


comparing 
OSI 


troubleshooting 2nd 
troubleshooting. [See also OSI] 


troubleshooting 2nd 
modification


physical topology 
switches 2nd 

monitoring 

active monitors

networks 2nd 

ports 2nd 

SPAN

VTP messages
most significant bit (MSB) 
MPPP (Multilink Point-to-Point Protocol) 
MSB (most significant bit) 


MSCHAP (Microsoft Challenge Handshake Authentication Protocol) 
MTU (maximum transmission unit) 


multicast addresses 

multilayer switching (MLS) 2nd 
Multilayer Switching Protocol (MLSP) 
Multilink Point-to-Point Protocol (MPPP) 
multiple access (MA) 

Multiple Instance STP (MISTP) 

multiple switches 

multipoint subinterfaces 2nd 3rd 4th 5th 
names
canonical 
management 
resolution 
NAT (Network Address Translation) 2nd 
NCP (NetWare Core Protocol) 
NDS (Novell Directory Service) 
negotiation 
paths
NetBIOS (Network Basic Input/Output System) 
Netsys Baseliner (WANDL) 
NetWare 
display networks command 
Microsoft Client 
NetWare Core Protocol (NCP) 
NetWare Link Services Protocol (NLSP) 2nd
NetWare Loadable Module (NLM) 
Network Address Translation (NAT) 2nd 
network architecture 
selecting 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 
25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 46th 47th 48th 
49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th 69th 70th 71st 72nd 
73rd 74th 75th 76th 77th 78th 79th 80th 81st 82nd 83rd 84th 85th 86th 87th 88th 89th 90th 91st 92nd 93rd 94th 95th 96th
97th 98th 99th 100th 101st 102nd 103rd 104th 105th 106th 107th 108th 109th 110th 111th 112th 113th 114th 115th 116th 
117th 118th 119th 120th 121st 122nd 123rd 124th 125th 126th 127th 128th 129th 130th 131st 132nd 133rd 134th 135th 
136th 137th 138th 139th 140th 141st 142nd 
Network Basic Input/Output System (NetBIOS) 
network interface card (NIC) 
Network Layer (Layer 3) 
network management systems (NMS) 
network operating system (NOS) 
Network Time Protocol (NTP) 2nd 3rd 
Networking Professionals Connection 
networks 
connections 


figure icons for 


figure icons for 
ISDN 


Trouble Tickets 2nd 
ISDN BRI 2nd 
layers 2nd 
troubleshooting 2nd 
management 
CiscoWorks 2nd 
ISO 
WANDL 
media testers 
monitors 2nd 


segmentation 


bridges 2nd 
repeaters (hubs) 2nd 


routers 2nd 
switches 2nd 
WAN 


HDLC 2nd 


layers 

terminology 2nd 

Trouble Tickets 2nd 
troubleshooting 2nd 3rd 4th 


next-hop-self concept. rl 
NIC (network interface card) 2nd 


NLM (NetWare Loadable Module) 
NLSP (NetWare Link Services Protocol) 2nd 
NMS (network management system) 
no auto-summary command 2nd 3rd 
no ip access-group ftp out command 
no ip access-group statement 
no ip http server command 
no ip proxy-arp command 
no logging console command 
no shut command 2nd 3rd 
no synchronization command 
non-root bridges 
nonlinear path costs 
normal call clearing 
normal interfaces 

verifying 
NOS (network operating system) 
Novell 


addressing 2nd 
EIGRP 2nd 
encapsulation 
IPX RIP protocol 2nd 
packets 2nd 
frame types 2nd 
protocols 2nd 
frame types 2nd 
Internet Layer 2nd 
Transport Layer 2nd 
Upper-Layer 2nd 
Trouble Tickets 2nd 
troubleshooting 
Novell Directory Service (NDS) 
Novell Network Registry 
NTP 
viewing 
NTP (Network Time Protocol) 2nd 3rd 
numbers 


application ports 
OLE_LINK1
OLE_LINK2 2nd 3rd
OLE_LINK3 2nd
OLE_LINK4
Open Shortest Path First (OSPF) 2nd 3rd 
Frame Relay 
Open Shortest Paths First (OSPF) 
labs 
Trouble Tickets 2nd 
Open System Interconnection (OSI)
optimization 
STP 2nd 
Organizationally Unique Identifier (OUI)
OSI
Application Layer 
Data Link Layer 
Network Layer 
Physical Layer 
Presentation Layer 
Session Layer 
Transport Layer 
troubleshooting 2nd 
troubleshooting. [See also OSI] 
OSI (Open System Interconnection) 
OSPF 
redistribution 2nd 
OSPF (Open Shortest Path First) 2nd 3rd 
Frame Relay 
labs 
Trouble Tickets 2nd 
osprey routers, documentation 
OUI (Organizationally Unique Identifier)
output 
ping command 
characters 


Output Interpreter 
packets
capturing 
debug ip packet command 
debug ip packet detail command 


Echo Reply 


Echo Request 
IP 


headers 
IPX RIP
MLSP
Novell 2nd 


frame types 2nd 
protocol analyzers 2nd


protocols 
RConsole SPX 


analyzing 
RIP 
analyzing 
debugging 
switching 
parameters 
IP 


configuring 


passwords 
2900 switch 


3512XL switches 
paths
costs
paths 
negotiating 
PBXs (private branch exchanges) 
PCL (printer control language) 
PDUs (protocol data units) 
performance 
management 
permanent virtual circuit (PVC) 
states 
permit statement 
permit tcp statements 
physical topology
switches 2nd 
Physical Layer 
Ethernet 
Frame Relay 2nd 3rd 
Physical Layer (Layer 1) 
ping command 
2900 switches 
character output 
Ethernet 
extended 
hostnames 
JP 
IP 


routers 


user-mode 
ping commands 

IOS troubleshooting tools 2nd
ping ipx command 


Please Do Not Threaten Support People Again 
Point of Presence (POP) 


Point-to-Point Protocol. [See PPP] 
poison reverse 
policies 
VMPS
POP (Point of Presence) 
POP (Post Office Protocol) 
port monitor command 
ports 
application numbers 
monitoring 2nd 
root
show port command 
SPAN
states 
Post Office Protocol (POP) 
PPP (Point-to-Point Protocol) 
layers 2nd 
troubleshooting 2nd 
Predictor 
Presentation Layer (Layer 6) 
printer control language (PCL) 
private branch exchanges (PBXs) 
process switching 
Project DOTU 2nd 
protocol data units (PDUs) 
protocols 
analyzers 2nd 
ARP
tables 
BOOTP 
fae 
CDP 2nd 
CHAP
CLNS
communications 
DoD TCP/IP suite 
troubleshooting 2nd 
EIGRP 
HSRP 2nd 
HTTP
ICMP 
type values and codes 
IP 
addresses 2nd 


routing 
subnets 2nd 3rd 4th 


troubleshooting 2nd 
Kermit 
LAPD
MLSP


MPPP

MSCHAP

NCP

NLSP 2nd 

Novell 2nd 
frame types 2nd 
Internet Layer 2nd 
Transport Layer 2nd 
Upper-Layer 2nd 

NTP
viewing 

packets 

POP

PPP


layers 2nd 


troubleshooting 2nd 
PUP 


RIP 2nd 
IPX headers 
redistribution 2nd 
testing 

routing 2nd 3rd 4th 
adding 
BGP 2nd 
EIGRP 2nd 
Frame Relay 2nd 
IGRP/EIGRP 2nd
IPX RIP 2nd 
IS-IS 2nd
NLSP 2nd 
OSPF 2nd 
RIP 2nd 
testing 

RSTP

RTP

SLP

SMTP

SNAP

STP 2nd 3rd 
BPDU analysis 2nd 
optimizing 2nd 
port monitoring 2nd 
RSTP 2nd 


Trouble Tickets 2nd 
VLANs 2nd 

suites 

TCP/IP 2nd 
Internet Layer 2nd 
Transport Layer 2nd 
Upper-Layer Layer 2nd 

testing 

TFTP 
copying configurations 
memory dumps 


troubleshooting 2nd 
VTP 2nd 


pruning 2nd 
Xmodem 


proxy ARPs 
pruning 
VTP 2nd
pseudo frame switches 
PumpKin 
PUP (Xerox PARC Universal Protocol) 


PVC (permanent virtual circuit) 
states 
QoS (quality of service)
quality of service (QoS) 
RAM

upgrading 
RAM (random access memory) 

routers 
Rapid Spanning Tree Protocol (RSTP) 
Rapid STP (RSTP) 2nd 
raw (Novell 802.3) headers, Ethernet frame formats 2nd 
RConsole 

SPX packets 

analyzing 

release designations

IOS life cycles
redistribution 

Trouble Tickets 2nd 
Reliable Transport Protocol (RTP) 
reload command 2nd 
reloading 

routers 
Remote Monitoring (RMON) 
repeaters 2nd 
replies 

Echo Reply packets 
Request For Comments (RFCs) 
requests 


Echo Request packets 
GNS
Tos 
resetting counters 


resetting switches 
resolution 


names 
Resource Manager Essentials (RME) 
resources 

desktops 


troubleshooting 
Cisco.com 2nd 


documentation CD-ROM 2nd 
Marketplace 2nd 


Project DOTU 2nd 
TAC 2nd 


restrictions 
trunking 
reviewing 
routing tables 2nd 
RFCs (Request For Comments) 
RIP 
IPX RIP protocol 2nd 
RIP (Routing Information Protocol) 2nd 3rd 4th 
analyzing 
IPX packets 
redistribution 2nd 
testing 


RJ-45 connectors
RME (Resource Manager Essentials) 


RMON (Remote Monitoring) 


root ports 
ROTB (router out of the box) 


router out of the box (ROTB) 
router-on-a-stick scenario 2nd
routers 2nd 
3600 series 
show flash command 
baselines 
building 
blades 2nd 
configuring 
documentation 2nd 
Frame Relay 
applying as switches 2nd 
HSRP 2nd 
Layer 3 
building baselines 
memory 
multipoint subinterfaces 
reloading 
testing 
tracing 
Trouble Tickets 2nd 
trunking 2nd 
dot1Q 2nd 
EtherChannel 2nd 
ISL 2nd 
methods 2nd 
VLANs 2nd 
routes 
filters 
hosts 
viewing 
IP 
verifying 
searching 
servers 
summarization 
static 


floating 


switch technologies 
CEF 2nd 


MLS 2nd 


testing 
routing 
CIDR. [See also CIDR]
DDR 2nd 3rd 4th 
inter-VLAN 2nd 3rd 4th 5th 6th 
IP 
protocols 2nd 3rd 4th 
adding 
BGP 2nd 
EIGRP 2nd 


Frame Relay 2nd 
IGRP/EIGRP 2nd


IPX RIP 2nd 
IS-IS 2nd
NLSP 2nd 
OSPF 2nd 
RIP 2nd 
testing 
tables 
reviewing 2nd 
viewing 
Routing Information Protocol (RIP) 2nd 3rd 4th 
analyzing 
RSM/MSFC (router blades) 2nd 
RSTP (Rapid Spanning Tree Protocol) 
RSTP (Rapid STP) 2nd 
RTP (Reliable Transport Protocol) 


running-config file 
rxboot mode 
SA (source address)
SAP 
filters 
SAP (service access points) 
scenarios 
router-on-a-stick 2nd 
scenario host configuration
searching 
routes 
security 
management 
passwords 
segmentation 


bridges 2nd 
repeaters (hubs) 2nd 


routers 2nd 
switches 2nd 
Sequenced Packet Exchange (SPX) 
serial 0/0 connections 
serial interfaces 
debugging 
keepalives 
Trouble Tickets 2nd 
viewing 
Server Message Block (SMB) 
servers 
FTP
routes 


summarization 
terminal 
configuring 
TFTP 
copying configurations 
Pumpkin 
VMPS
service access points (SAPs) 
Service Access Points (SAPs) 2nd 
service level agreement (SLA) 2nd 
Service Location Protocol (SLP) 
Service Profile Identifiers (SPIDs) 
Session Layer (Layer 5) 
sessions 
TCP 
disconnections 
set spantree mode mst command 
set trunk mod#/port# ? command 
set trunk mod#/port# mode command 
set vtp domain vtpname command 
sh int switching commands 
shared media access methods 
shooting trouble. [See troubleshooting] 
Shortest Path First (SPF) 
show access-lists command 
show arp command 


show buffers command 
show cdp neighbors [detail] command 
show cdp neighbors command 
show cdp neighbors detail command 
show commands 
IOS troubleshooting tools 2nd
ISDN 
show controllers command 2nd 
show controllers commands 
show debug command 
show frame-relay lmi command 2nd
show frame-relay map command 2nd 
show frame-relay route command 


show frame-relay traffic command 
show hosts command 


show interfaces bri0 1 2 command 
show interfaces command 

show interfaces ethernet0 command
show interfaces serial 0 command 
show interfaces serial0 command 
show ip bgp ? command 

show ip bgp summary command 
show ip interface brief command 
show ip interface s0 command
show ip ospf ? command 

show ip protocols command 

show ipx interface ethernet 0 command 
show ipx route command 

show ipx servers command 

show isdn history command 

show isdn status command 


show logging command 
show mac address command 


show memory command 2nd 
show module command 
show port command 


show port monitor command 
show process command 


commands 
show process 
show protocols command 2nd 
show run interface bri0 command 
show running-config command 


show spanning-tree ? command 
show stacks command 


show start command 
show startup-config command 2nd 


show tech-support command 2nd 
show version command 


show vlan command 
show vmps command 
shut down 
signaling 
Frame Relay 2nd 
Signaling System 7 (SS7) 
Simple Mail Transfer Protocol (SMTP) 


SLA (service level agreement) 2nd 
SLP (Service Location Protocol) 
SMB (Server Message Block) 


SMTP (Simple Mail Transfer Protocol) 
SNAP 


headers 
Ethernet frame format 2nd 
SNAP (Subnetwork Access Protocol) 
Sniffer Pro 
packets 
capturing 
Sniffer Pro interfaces 
applying 2nd 
starting 2nd 
software 


support 
source address (SA) 
SPAN (Switched Port Analyzer) 
Spanning Tree Protocol (STP) 2nd 3rd 
BPDU analysis 2nd 
optimizing 2nd 
port monitoring 2nd 
RSTP 2nd 
Trouble Tickets 2nd 
VLANs 2nd 
spanning-tree vlan 1 command 
SPF (Shortest Path First) 
SPIDs 


configuring 
SPIDs (Service Profile Identifiers) 


split horizons 
spoke routers 
multipoint subinterfaces 
spoofing 
SPX (Sequenced Packet Exchange) 


SS7 (Signaling System) 
Stacker 


stacks 
testing 
standards 
Frame Relay 
troubleshooting 2nd 
standards. [See also protocols] 
star topologies 
starting 
IPX clients 
Sniffer Pro 2nd 
statements 
clock rate 
dialer map-class 
ip default-gateway 
no ip access-group
permit 
permit tcp 


static maps 2nd 
states 


ports 
PVC 


static Frame Relay maps
adding 
static map statements 2nd 
static maps 
configuring 
static routes 
floating 
statistics 
interfaces 
ISDN interfaces 
LMI 
viewing 
VTP 
step5 
STP (Spanning Tree Protocol) 2nd 3rd 
BPDU analysis 2nd 
optimizing 2nd 
port monitoring 2nd 
RSTP 2nd 


Trouble Tickets 2nd 

VLANs 2nd 
straight-through cable 
straight-through cables 
strings 

ISDN 
subinterfaces 


Frame Relay 
subnets 2nd 


discontiguous 
Frame Relay 
configuring 


troubleshooting 
Subnetwork Access Protocol (SNAP) 


suites 

protocols 
summarization 

closing 

|P addresses 2nd 

VLSM 2nd 3rd 4th 5th 6th 7th 
support 

desktops 

hardware 

software 

technology 
support. [See also resources] 
swan routers, documentation 
switches

CatOS 2nd 
Switched Port Analyzer (SPAN) 
switches 2nd 

1900 

Eciaiz 


accessing 
Cat5000/Cat6000 architecture 2nd 


CatOS 

building Layer 2 baselines 
configuring 

clearing 
documentation 
Frame Relay 

applying routers as 2nd 
hosta 


testing 
IOS 2nd


building Layer 2 baselines 
ISDN 
multiple 
pseudo frame 
resetting 


route technologies
CEF 2nd 


MLS 2nd 
Trouble Tickets 2nd 
troubleshooting 2nd 3rd 4th 


trunking 2nd 
dot1Q 2nd 


EtherChannel 2nd 

ISL 2nd 

methods 2nd 
VLANs 2nd 3rd 4th 


configuring 2nd 
traffic types 2nd 
VMPS
switching 
sh int switching command 
switchport mode trunk IOS command
synchronization 
Frame Relay 
Syslog 
capturing 




T/L (type or length field) 
tables 
ARP
IDB 
routing 
reviewing 2nd 
viewing 
TAC (Technical Assistance Center) 2nd 3rd 
tagging frames 
targets 
interfaces 
TCP (Transmission Control Protocol)
3-way handshake sequences 
TCP (Transmission Control Protocol) 
disconnections 
TCP/IP 
layers 2nd 
Internet Layer 2nd 
Transport Layer 2nd 
Upper-Layer Layer 2nd 
TDM (time-division multiplexing) 
TDR (time domain reflectometer) 
TE (terminal endpoint) 
Technical Assistance Center (TAC) 2nd 3rd 
Technical Service Bulletins (TSBs) 
technology support 
TEIs (terminal endpoint identifiers)
Telecommunications Act of 1996 
Telnet 


analyzing 
telnet 


applications 
Telnet 


testing 
terminal endpoint (TE) 
terminal endpoint identifiers (TEIs)
terminal monitor (term mon) 
terminal monitor (term mon) command 
terminal servers 
configuring 
terminology 
Frame Relay 
WAN 2nd 
testing 
1900 switch 
2900 switches 
3512XL switches 
ANSI LMI 
back-to-back configuration (Frame Relay) 2nd 
backup interfaces 
controllers 
devices 
end-to-end connectivity 
Ethernet 


ping command 
Frame Relay 2nd 3rd 


host-to-host connectivity
interfaces 


IP 
IP 
ping command 
media 
protocols 
routers 
routes 
routing protocols 
stacks 
Telnet 
TFTP 
Configuration Backup 
TFTP (Trivial File Transfer Protocol) 
copying configurations 
memory dumps 


Pumpkin 
time domain reflectometer (TDR) 


Time Stamps 

debug command 
time-division multiplexing (TDM) 
time-to-live (TTL) 

IPX
timers 

STP
Token Ring

frame format 


Token Ring 
tools 


desktop 2nd 

hardware 

IOS
debug commands 2nd 
logging commands 2nd 


ping commands 2nd 
show commands 2nd 


trace commands 2nd 

troubleshooting 2nd 
Novell 

Internet Layer 2nd 

Transport Layer 2nd 


Upper-Layer 2nd 
TAC 


WANDL 

topologies 
Frame Relay 

TOS (type of service) 

trace commands 
IOS troubleshooting tools 2nd
logging

traceroute command 2nd 
characters 
extended 


tracert command 
tracing 
routers 
traffic 
protocol analyzers 2nd 


show frame-relay traffic command 
VLANs 2nd 


translators 


transparent bridging 


transparent mode 
Transport Layer 


Novell 2nd 
TCP/IP 2nd 


Transport Layer (Layer 4) 
Trivial File Transfer Protocol (TFTP) 


Pumpkin 
trouble tickets 
Trouble Tickets 2nd 
discovery labs 2nd 
documentation labs 2nd 
Ethernet 2nd 
Frame Relay 2nd 3rd 4th 
Novell 2nd 
OSPF labs 2nd 
redistribution 2nd 
routers 2nd 
serial interfaces 2nd 
STP 2nd 
switches 2nd 
VLAN 2nd 
VLANs 2nd 
WAN 2nd 
troubleshooting
frames 
connections 
keepalives 
troubleshooting 2nd 3rd 4th 5th 
3512XL switch 
baselining 2nd 
BGP
CatOS 2nd 
checklists 
Cisco approach to 2nd 


desktops 
dialers 


documentation 2nd 

DoD TCP/IP suite 2nd 

encapsulation 

Ethernet 2nd 3rd 4th 

Frame Relay 2nd 3rd 
applying as switches 2nd 


back-to-back configuration 2nd 
subnets 


HDLC 2nd 
infrastructure 
interfaces 


IOS
switches 2nd 

IOS tools 2nd
debug commands 2nd 
logging commands 2nd 


ping commands 2nd 
show commands 2nd 


trace commands 2nd 
IP 2nd 
IPX 2nd 
ISDN BRI 2nd 
keepalives 
layers 2nd 


loopbacks 
methods 2nd 


models 2nd 

OSI 2nd 

OSI. [See also OSI]
networks 

monitoring 2nd 
Novell 
PPP 2nd 
protocols 2nd 


analyzers 2nd 
resources 


Cisco.com 2nd 
documentation CD-ROM 2nd 
Marketplace 2nd 


Project DOTU 2nd 
TAC 2nd 


switches 2nd 
VLANs 2nd 3rd 4th 
WAN 2nd 


Troubleshooting Assistant 


trunking 2nd 
ISL 2nd 3rd 4th 5th 6th 


methods 2nd 

restrictions 
TSBs (Technical Service Bulletins) 
TTL (time-to-live)

IPX
type 

ICMP
type of service (TOS) 
type or length field (T/L) 
types 

frames 

Novell 2nd 
VLANs 2nd 
UDP
UDP (User Datagram Protocol) 
Transport Layer 
unlike devices 
unplugging cables 
upgrading 
Bess 
RAM 
Upper-Layer
Novell 2nd 
upper-layer discovery configuration 
Upper-Layer Layer
TCP/IP 2nd 
User Datagram Protocol (UDP) 
Transport Layer 
user-mode ping command
utilities 
TCP/IP 2nd 
Internet Layer 2nd 
Transport Layer 2nd 


Upper-Layer 2nd 
values
binary place 
ICMP


values and code 
variable-length subnet masking (VLSM) 
verification 
D Channel 
Frame Relay switches 
IP routes 
IPX
multipoint subinterfaces 
normal interfaces 
PPP encapsulation 
VLANs 
viewing 
backup interfaces 


frame maps 
host routes 


LMI statistics 

loopbacks 

multipoint subinterfaces 
NTP 


routing tables 
serial interfaces 


static maps 
VLANs 
virtual LANs. [See VLANs] 
VLAN (virtual LAN) 
Trouble Tickets 2nd 
VLANs (virtual LANs) 2nd 3rd 4th 5th 


configuring 2nd 
inter-VLAN routing 2nd 3rd 4th 5th 6th 


managing 2nd 
STP 2nd 


traffic types 2nd 
Trouble Tickets 2nd 
troubleshooting 2nd 
verifying 

viewing 

VMPS

VTP 2nd 


pruning 2nd 
VLANs (virtual VLANs) 


trunking 2nd 

dot1Q 2nd 

EtherChannel 2nd 

ISL 2nd 

methods 2nd 
VLSM (variable-length subnet masking) 
VLSM. [See also subnets] 
VMPS (VLAN Membership Policy Server) 
VTP (VLAN Trunking Protocol) 2nd 


pruning 2nd 
WAN (wide area network)
HDLC 2nd 


layers 
troubleshooting 2nd 


terminology 2nd 
troubleshooting 2nd 
WAN (wide area networks) 
Trouble Tickets 2nd 
WANDL (Netsys Baseliner) 
WC3 (World Wide Web Consortium) 
Windows 2000 
hosts file 
wireless Ethernet 
Wireless Troubleshooting Center 
World Wide Web Consortium (WC3) 
write memory command 
write-erase command 
Xerox Network Systems (XNS) 2nd
Xerox PARC Universal Protocol (PUP) 


Xmodem protocol 
XNS (Xerox Network Systems) 2nd 


